It seems like every month there’s a new flaw with either the Galaxy S3 or Galaxy Note 2. This newest flaw allows intruders to gain full access to a locked Galaxy Note 2 thanks to a bug in the lockscreen. A developer by the name of Terence Eden discovered this flaw. The flaw is in the emergency dialer which allows intruders to interact with the device, and the ability to permanently disable the lock screen. Eden has discovered this on a Galaxy Note 2 running Android 4.1.2, and The Verge has confirmed it on the AT&T Galaxy Note 2 with Android 4.1.1. The issue appears to be a bug in Touchwiz on the Galaxy Note 2 only. It hasn’t been found in the Galaxy S3…yet.
Eden states on his blog that the only way to completely defend your Galaxy Note 2 against this bug is to remove the Samsung firmware and replace it with a 3rd party ROM. In addition, YouTube user ‘bicecream88’ has said that you can partially defend this attack by doing the following:
By disabling your screen animations, it is possible to reduce the amount of time the screen is displayed.Settings -> Developer Options -> Window animation scale -> off
Repeat for Transition animation scale and Animator duration scale.
The vulnerability is still present – but you need to be a lot quicker in order to exploit it.
So as we said in the title, this is yet another security flaw for Samsung’s 2012 flagship devices. We’ve seen that browser bug that will reset your phone without you knowing it, then the Exynos exploit, and a few others. Since all of these are due to Touchwiz, except for the Exynos exploit, it makes you wonder why Samsung doesn’t just slap stock Android on their devices? It’ll fix all these flaws.
If you have the Galaxy Note 2, let us know in the comments below if these flaws are going to keep you from getting another Samsung device.