Handsets

This TouchWiz ‘security flaw’ is so ridiculous it’s no wonder Samsung overlooked it

49


There is a new Samsung TouchWiz security scare being bandied about the internet today. In a video demonstration, a Galaxy Note 2 owner shows how a glitch gives anyone opening the phone’s emergency dialer access to the handset’s home screen…for less than a second.

Yes, the video successfully demonstrates that an individual, with enough effort, can gain access to a Samsung device using this method to bypass the lock screen. It involves downloading a lock screen removal app from the Google Play Store via a series of deftly placed taps during the infinitesimal period of time the would-be phone thief has access to the device’s software.

The only problem is that a whole bunch of things need to go right in order for this to happen. There is the small matter of navigating to the Google Play Store, activating voice search, finding the proper app, and hoping the app shortcut lands in an easy to tap area. There is the matter of registering that tap (or any of the taps before it) within the allotted time. In other words, this seems like an awful lot of work for the average crook looking to get inside your phone. We doubt anyone would have even thought of this if it wasn’t for the obsessed tinkering of this individual Note 2 owner.

Anyway, freak out if you want. It seems like a super easy fix for Samsung, if they even bother patching it. To us, though, this security “flaw” smells more like a security fail.

[via Terrence Eden]

Kevin Krause
Pretty soon you'll know a lot about Kevin because his biography will actually be filled in!

Google Currents updated with audio support

Previous article

Sprint letting MVNOs take on Android smartphones

Next article

You may also like

49 Comments

  1. Oh well, cuz touchwiz sucks

    1. oh well, cuz you have never used it

      1. I’ve owned 2 phones with Touchwiz, and Touchwiz sucks. Have a nice day :)

        1. I owned more than 2 touchwiz and it really rocks.

        2. It sucks and yet you still use it. Hmmm….

          1. Some people just like Samsung’s hardware.

        3. Touchwiz is not only the best OEM version of Android, it’s better than stock. You’ve never used Touchwiz. Have a nice day.

          1. TouchWiz is better than stock? You have lost your mind.

          2. Nope. It’s an undeniable fact. Everything stock does, touchwiz did first, and still does better.

          3. While I wouldn’t say Touchwiz sucks (I agree that it’s probably the best OEM implementation), I still prefer AOSP ROMs, and until now I had no idea there were actually Touchwiz “fans.” Like, wow.

          4. ROMs are a different beast entirely. They can add in things Stock leaves out… like functional notification bar toggles… of which CM has the best implementation of. TW’s work fine with the same input for each… and stock has buttons that are all different – some are tap, some are long press, others launch the settings menu.

          5. That’s fair. I am using CM on my GS3, and though I tried out a “pure AOSP experience” ROM a couple months ago, I don’t recall being dissatisfied with the notifications. But then again, I had to remove it the same day because the bluetooth wasn’t working right. Even when running stock TW and TW-based ROMs, though, I usually find myself turning off as many of the “features” as possible.

  2. add more steps if you disable the option to automatically place icons on homescreen when downloading apps from the Play Store.

  3. Give enough publicity for any bad thing and things will change.. it is good that these are made public!

  4. EDIT: didn’t watch the whole video

  5. by default….i have the market configured to not add to homescreen. i wonder if you can open the app drawer in that scenario. my S3 is running AOKP b/c yes TW sucks.

    1. On the Note series, TW means fully utilized device features, no point in installing some custom mods. On a regular phone – yes, you might be right.

    2. Even if you could open the app drawer you it would have to be in the first page because you are not going to have enough time to scroll over before it locks up

  6. At least I don’t have to freeze it below 0 C to then ADB into the encrypted memory. I was really worried about that problem.

  7. If you have sensitive data on your phone this is a serious security flaw. If your data is valuable to someone they will spend the time required to get to it. This is mostly the case in corporate setting, probably rarely in private/social one, but it should not be dismissed as minor security issue.

    1. A phone used for business purposes should have the proper software to wipe it remotely.

      1. Um I think he was just referring to people that work in a corporate setting that have their own personal device. your co-worker may try and get into your phone either to prank you or worse case screw you over.

      2. Yes, but… You shouldn’t have to possibly wipe your phone because the manufacturer left so many security holes that anyone can take advantage of.

      3. FOR FUCKS SAKE SERIOUSLY THIS FLAW SHOULD NOT EXIST!

  8. Wait!! So the crook would need to download AND install an app on your phone? Really? Who sent this in? Why is this considered a threat?

    Watch this happens to me. =.P

    1. Considering installation of Play Store apps happen immediately after download completion, without user intervention, even while your phone is locked, it’s easier than you’re making it out to be.

  9. Well,thanks to you,& others who post a “how-to”,it’s not difficult.or,time consuming.Then,you’re coming across the flaw w/a dismissive attitude & an apologist for SAMSUNG.

    I say fix the damn thing.It’s this “whatev” attitude that is partially responsible for manufacturers not pushing out updates in a timely manner.

  10. I always see these articles and I never seem to care. Maybe because I don’t have the option checked to add shortcuts to my home screen. Maybe because I don’t even have a password setup for my lock screen.

  11. The article sounds like a Samsung fanboy’s rant.

    It is a huge flaw! Maybe not something the average user needs to worry about, but HUGE nonetheless, because it completely negates the use of your lockscreen!

    1. See here it the flow chart…..Security flaw BAD if discovered by the average user. Security Flaw OK if discovered by Apple Fanboy. The flaw would be ok because the Android fanboys would cry foul because it was discovered by a Apple Fanboy. They would turn it around and say it isn’t a big deal and than go on a tirade about how much Apple sucks. “Hey like Apple is overpriced junk! That is much much worse than a security flaw…SUCK IT ISHEEP!”

      1. Stop dragging apple into everything related to Android. Seriously,what are you? In love with Apple? tsk!

    2. See here is the flow chart…..Security flaw BAD if discovered by the average user. Security Flaw OK if discovered by Apple Fanboy. The flaw would be ok because the Android fanboys would cry foul because it was discovered by a Apple Fanboy. They would turn it around and say it isn’t a big deal and than go on a tirade about how much Apple sucks. “Hey like Apple is overpriced junk! That is much much worse than a security flaw…SUCK IT ISHEEP!”

      1. Stop dragging apple into everything related to Android. Seriously,what are you? In love with Apple? tsk!

        Security flaw severities have nothing to do with other OS’

  12. Not as much as your Mom.

  13. This is a very bad security flaw. These bugs shouldn’t be occurring. I am ok with a bug with like S-Voice, but the actual lock screen? Makes me want to make sure I don’t let my phone out of my sight even more.

    1. Drama queen! Its not that big of a deal and will probably be fixed soon.

      1. How many more security flaws must occur on Touchwiz? I see so many bad glitches on software in general lately. The Nexus 4 has its fair share of bugs. I remember a few months ago about a glitch or exploit someone can use to completely render a Galaxy device useless. So what if I care about my data being accessible to a hacker or a thief?

      2. Calm down buddy! It’s a flaw that could lead to problems. The planet doesn’t revolve around barondehx1.

  14. So… Basically… with the right amount of time and steps, anyone can access anything on your phone…
    Although it might take a lot of effort and time, if I stole a Note 2, I wouldn’t care about the effort or time I took to get it unlocked… It’s a free Note 2!
    Samsung should address it soon, because it’s actually a big flaw in security.

    1. Ya but you know it’s not a big deal.

  15. It’s not just Touchwiz that can cause that flaw, there are some lockscreen apps that have the same/similar type of flaw. No matter what, if a crook steals a phone, they are going to find a way to bi-pass the security and/or just try selling the phone with a bad esn, or part it out and sell the parts. Bottom line, don’t lose your phone and/or add Cerebrus on for security purposes.

  16. I don’t find this to be that big of a deal, at least in my situation. I also use an app locker to lock all the of settings and applications I don’t want people looking in. So, even if by some chance they did get past my lock screen they couldn’t get into my settings and I never have my phone set to drop a widget on my homescreen. I guess in theory you could try and download a uninstaller app but I think that would be too difficult especially on my phone because I gave it administratior rights.

  17. it’s a very bad security flaw, it’s not like those exploits where you could decrypt a hash if you had access to a cluster of servers or with a crafty script could read the cache of neighbor’s hosted server or if you were quick enough to put the phone in a freezer and attached a homemade decompiler to the cpu could read it’s state… no this is something even a novice can do, it only requires a little timing, no special skill or tools, very big fail, I would not put my banking app on a device with such a flaw.

  18. My S3 isn’t scared.

  19. I never use the lock screen (SG3). Too much hassle imo. If anybody want it they can get my phone. Please have a go ;-) It’s in front of a lot of people all the time. – I suppose 4-500 people could take it 5 days a week.. but they won’t skip the surveillance ;-)

  20. I don’t use a lock screen on my S3 in hopes that whoever finds the phone doesn’t format it. This way I can track them using Cerberus and get it back. I do however lock certain apps for privacy using Screen App Protector.

  21. What’s more ridiculous is that someone at Samsung HAD to have seen this “flaw” and decided not to fix it. I don’t know that anyone will use this exploit to gain unauthorized access to a device but this is the sort of bug that should not go unnoticed.

  22. Just tested to see how this affects the S3, and half of it actually works. Pressing the home button does bring up the home screen briefly.

    However, thankfully the back button does not show the previous screen even briefly, it goes straight to the lock screen.

    That being said, if they can find some variation that does get the back button to also work, this could also affect the S3.

  23. I couldn’t watch the whole video but it appears under those conditions it took less than 3 minutes. I’d say that’s noteworthy. So even if those conditions aren’t given and it takes 30 min, you might care if you got arrested and had “evidence” on the phone! Just Sayin….

Leave a reply

Your email address will not be published. Required fields are marked *

More in Handsets