Samsung Gets Off Easy With Big Security Flaw

These types of issues are unbelievable to me. Mostly, because if this were Apple it would hammer every tech site on the web, and would probably even end up in the Wall Street Journal. I guess we don’t expect much more from Samsung.

There are versions (read: AT&T) of the recently released Samsung Galaxy S II that are going to customers with a pretty big security flaw. THis flaw leaves their phones unlocked even when they think they’ve got them password protected.

Using a simple workaround, the security hole allows anyone to bypass the unlock pattern, which normally denies users access to an Android device unless a preset pattern is drawn on a grid of nine dots spread across the device’s lock screen. The same flaw allows users to bypass PIN security as well. We have confirmed that the flaw exists on AT&T’s Galaxy S II and not on Sprint’s Galaxy S II, Epic Touch 4G, though it is currently unclear if other phone models are affected. Hit the break for details on the flaw.

It was initially guessed that maybe this was only an issue on the test model of the Galaxy S II – after all, the media should cut Samsung some slack, like they do Apple… oh wait. However, AT&T and Samsung released a statement:

Samsung and AT&T are aware of the user interface issue on the Galaxy S II with AT&T. Currently, when using a security screen lock on the device, the default setting is for a screen timeout. If a user presses the power button on the device after the timeout period it will always require a password. If a user presses the power button on the phone before the timeout period, the device requests a password – but the password is not actually necessary to unlock it.

Samsung and AT&T are investigating a permanent solution. In the meantime, owners of the Galaxy S II can remedy the situation by re-setting their time-out screen to the “immediately” setting. This is done by going to the Settings ->Location and Security->Screen unlock settings->Timeout->Immediately.

Video Source: BGR

Tags: , , , , , , , , , ,