iPhone is not the only device affected by a bypass lock bug error, even Samsung flagship devices Galaxy S3 and Galaxy Note 2 also suffer from the same glitch. This confirms that no smartphone devices is completely secured from hacking or bypass procedures.
The lock screen is the main defense to keep confidential information away from intruders. But if the defense mechanism of the lock screen is bypassed, prying eyes could tap into the deepest data inside the device.
Android Authority posted about the discovered bug by mobile enthusiast Terence Eden and completely exposed the issue in his personal blog that Samsung does not have a dedicated disclosure team. There are several types of lock screen that can be used to protect unwanted pryers from Galaxy S3 or Galaxy Note 2 - Pattern, Lock, Pin, and Face Unlock provided by the Android OS. Unfortunately, all of the above security lock screen is susceptible to this bypass attack.
The following are the steps to get the bug to your own Android device.
1. Lock the device using the affected security.
2. Turn on the device's screen by using the Power or Home key, whichever works
3. Tap the "Emergency Call"
4. Tap the "ICE - emergency contacts" button on the bottom left
5. Press the "Home" key
6. Quickly tap on an application or widget displayed on the home screen. For example, a direct call widget allows calling a person without unlocking the device.
The same procedure works as well against Galaxy Note 2 with model number GT-N7100, running Android 4.1.2. Pressing the "Home" key while the emergency contacts are displayed provides a moment of the device's home screen. It depends if there are any app icons or widget present and active on the home screen, the bypass bug should be harmless. The attack according to Eden is still limited, although this attack can even penetrate third-party launchers or application lockers.
Sean McMillan posted on the Full Disclosure mailing list the steps of lock screen bypass against Galaxy S3.
1. Tap the "Emergency call" on the lock screen
2. Tap the "ICE- emergency contacts" button
3. Press the "home" key once
4. Quickly press the "power" key after step 3
5. If the bug occurs, the second press on the "home" key will direct you to the home screen
According to McMillan, it will take several attempts for the bug to enter, but a successful attempt disables the lock , and the bug can freely navigate inside the device until it is rebooted.
Another note is that an active Automatic Screen Rotation may increase the likelihood of the bypass bug. McMillan used three Galaxy S3 with model number GT-I9300 with kernel version 3.031-742798 running Android 4.1.2.
The good news is, not all Android devices are affected by the same bug and it seems to work with Samsung's customised software. So the next Galaxy flagship device must be smarter than this bypass no matter how powerful the specs may be.