Modernizing Authentication — What It Takes to Transform Secure Access
Blogger Terence Eden recently uncovered a method of accessing apps and dialing phone numbers on a Samsung Galaxy Note II running Android 4.1.2, even when the phone is locked. "There is no way to secure your phone against your home screen being accessed," he wrote.
"Somewhat tricky to accomplish, it requires the user to press the 'Emergency Call' icon, then the ICE (in case of emergency) button, and then hold down the home button," writes CNET's Scott Webster.
"Just before the lock screen pops up, the home screen is displayed very briefly," writes Threatpost's Brian Donohue. "As the home screen flashes, a user can touch one of the apps displayed and access it without authentication."
"However, because of the short time interval in which the screen is displayed, and because after that all the apps immediately go into the background, special circumstances have to be met in order for the attacker to be able to cause any damage," writes Softpedia's Eduard Kovacs.
"The vulnerability affects the Galaxy Note II running Android 4.1.2, however it could exist in other devices that feature Samsung’s TouchWiz user interface," writes BGR's Dan Graziano. "Eden notes that this is a 'reasonably small vulnerability' with 'limited value,' unlike the recent security hole found in Apple’s iPhone that allows unauthorized users to make calls, [view] contacts and listen to voicemails."