A few new vulnerabilities came to light in recent days.
Terence Eden reports that you can run apps and dial numbers on Samsung’s Android 4.1.2 “even when the device is locked”.
Terence posts a How-To:
- Lock the device with a “secure” pattern, PIN, or password.
- Activate the screen.
- Press “Emergency Call”.
- Press the “ICE” button on the bottom left.
- Hold down the physical home key for a few seconds and then release.
- The phone’s home screen will be displayed – briefly.
- While the home screen is displayed, click on an app or a widget.
- The app or widget will launch.
- If the widget is “direct dial” the phone will start ringing.
It is interesting to see a community response to his video.
Jan de Vos posts: “XPeria S with Android 4.0 also has this vulnerability, although the period that the home screen is visible is actually smaller there. Same actions: press ’emergency call’, and from that screen push ‘home’ – the home screen will very briefly show before the lock screen is visible again.” Pavan Santani believes that this flaw can be “patched” via App lock Software and locking contacts.
Shortly after similar flaw was reported in Galaxy S III. This flaw is rumored to be fixed by the end of this year.
Security flaws are frequently discovered in new and old devices – it would be sensible to keep an eye on the facts and make decisions to change devices, if and when it makes sense.