Samsung Galaxy Note 2 Security Flaw In Homescreen

Samsung’s Galaxy Note 2 is one fine-looking tablet, and no doubt it has sold millions across the globe (and will continue to do so, at least until the Galaxy Note 3 or its successor is released), but having a great design is not all there is to a smartphone. Terence Eden has discovered a security flaw in the homescreen that allows apps to be run and numbers to be dialed even when the Galaxy Note 2, which runs on Android 4.1.2 Jelly Bean, is locked.

This particular attack is super effective (in Pokemon parlance) against Pattern Lock, PIN, Password, and Face Unlock, and according to Mr. Eden there is no known method to prevent your homescreen from being accessed. Being on Santa’s naughty list this year is going to be easy as long as you follow the steps below, taken verbatim from Mr. Eden’s blog.

1. Lock the device with a "secure" pattern, PIN, or password.
2. Activate the screen.
3. Press "Emergency Call".
4. Press the "ICE" button on the bottom left.
5. Hold down the physical home key for a few seconds and then release.
6. The phone's home screen will be displayed - briefly.
7. While the home screen is displayed, click on an app or a widget.
8. The app or widget will launch.
9. If the widget is "direct dial" the phone will start ringing.

Of course, this attack is not that “destructive” when you think about it: it either makes a phone call, depending on whether a direct dial widget is available on the homescreen, or lets the attacker check out what kind of apps you have there. Still, a security vulnerability or risk such as this should not be there in the first place.

So far, Mr. Eden has given this method a go on the Galaxy Note 2 (N7100) which runs on Android 4.1.2 Jelly Bean (the most recent UK variant), so can anyone else out there tell us if a different Galaxy Note 2 on other firmware versions is also vulnerable?

The video that you see above will show you how the homescreen security flaw happens in a step-by-step account, and there is no way for one to photoshop this at all. Still, I am quite confident that this does not mean Samsung's Galaxy Note 2 is going to see a notable drop in sales figures anytime soon, but if you are a paranoid android about data security on your smartphone or phablet, this would most probably shake your confidence in the Galaxy Note 2 so much that you might just strike it off your list of potential phablet purchases.


What Can I Do?

Well, there are some steps that you can take to avoid falling victim to this exploit, short of not using a Galaxy Note 2 with Android 4.1.2 Jelly Bean, of course. First of all, quit using direct dial widgets on your homescreen, and do away with any calendar or email widgets which might display information for your eyes only from your homescreen. Other than that, make sure that apps on your homescreen will not cost you money automatically or function in a malicious manner when launched. It is also a good idea to fall back on an app locker that will prompt for a password whenever an app is launched.

1 Comment


  • Ok so I've followed the steps mentioned above and after pressing the home button I am able to open an app on the home screen like Gmail, but as soon as it opens the screen locks me out immediately and takes me back to the emergency call screen. Also you have to be very quick to open the app, and if you try to open it and then on the second try try to dig around in the app you won't be able to because the app closes the second time and you would have to open it again. But if you unlock your Note 2 immediately after opening the app like mentioned above you will find the app opened. I have tried numerous times already to open the apps and keep them open but it just doesn't happen. I'm trying this on my Galaxy Note 2 N7100 on Android version 4.1.1 rooted with Perseus alpha 32 kernel and no custom ROMs. I haven't updated to 4.1.2. This might only apply to Note 2's with 4.1.2 so that might be the reason it doesn't want to work for me.