March 11, 2013

Patch for Samsung Galaxy III Lock Screen Vulnerability

Summary
A vulnerability that bypasses the Samsung Galaxy S3 lock screen was discovered last week. This vulnerability allows full access to the device regardless of the strength of the device’s password. To help minimize the risk to users, Lookout released an update today to its Lookout Mobile Security Android app on Google Play that protects owners of the Samsung Galaxy S3, Note II and S3 Mini from this vulnerability. Lookout users are also protected if the phone is lost or stolen when using ‘Lock’ from Lookout’s web app. An official device patch is expected from Samsung shortly, and we recommend that users update their devices as soon as the patch is released.

The Details
The Samsung Galaxy exploit allows the lock screen to be bypassed in a series of five steps that can be triggered by canceling an emergency call, accessing emergency contacts and quick reflexes with the home and power button.

To mitigate the risk, when Lookout detects the emergency contact dialer has been backgrounded, we preemptively bring it back to the forefront so that the rest of the phone cannot be accessed.

Affected devices appear to be the Samsung Galaxy S3 models and the Samsung Note II. Lookout Galaxy S3 Mini users are also protected.

How to Stay Safe

  • Download the Lookout Mobile Security app from Google Play or update the app to version 8.10.2.
  • Protect your phone like you protect your wallet. Keep your phone close to your person and avoid leaving it out it open places.
  • Watch out for a Samsung Galaxy S3, Note II and S3 Mini system update and install it as soon as it is released.
Leave a comment