Samsung Galaxy Note II, S3 exposed to partial "Emergency Call" lock-screen bypasses

An attacker in possession of a locked device can activate some call functions via the “emergency call” feature
  • Liam Tung (CSO Online)
  • — 05 March, 2013 09:08

Two of Samsung’s flagship smartphones running Android 4.1.2 appear to be vulnerable to separate partial screen lock bypasses via the “Emergency Call” screen.

UK-based mobile enthusiast Terence Eden published details of the simple bypass, which allows an attacker to briefly launch apps and dial numbers on a Galaxy Note II that is locked. An attacker may also be able to view other apps, such as calendar, email or other widgets.

An attacker in possession of a locked device can activate some call functions via the “emergency call” feature. Once inside the emergency call screen, the attacker would need to press the emergency contacts icon, and then hold down the physical home key for a few seconds. This briefly displays the apps on the device’s home screen and allows an attacker to make calls to contacts on the “direct dial” widget.

Eden says he published the attack partly because it has “limited value” -- since the apps that can be launched, although running in the background, are quickly concealed by the screen lock -- but also because Samsung had failed to respond to his disclosure five days after he reported it.

The attack and impact of Eden's discovery is very similar to a separate flaw reported to Samsung in February by UK vulnerability researchers at MTI Technologies. It reported a “partial screen-lock bypass” affecting Samsung’s Galaxy S3, running the same version of Android, which could be achieved via the Emergency Call function.

On the S3, an attacker could issue commands using Samsung’s voice assistant, S-Voice, via the Emergency Call screen, even when the phone is locked. Access is limited to phone features and apps the user has enabled S-Voice to access.

“[O]nly the actual phone / keypad becomes available to a user. Any other applications launched, will still open and execute commands but are not visible to a user and the device will revert back to the lock screen,” MTI reported on a Samsung developer forum.

Like Eden’s attack, limited functionality was gained via the Emergency Call and Emergency Contacts features. Instead of holding the button down, the attacker would need to press the Home button twice to activate S-Voice and then tap the assistant’s icon.

The attacker can instruct S-Voice to dial any number or contact (if the name is known) or access Voicemail. Asking “what is number” or “address” will cause the device to return the address associated with a contact, which may be able to be gleaned by peaking at the SMS inbox if there is an icon on the home page.

Although the apps opened would be concealed by the lock, an attacker could, for example, update the victim’s social media accounts if S-Voice was configured to do so.

Tags: samsung, security, mobility, smartphones

Coding error protects some Android apps from Heartbleed

Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Sophos Mobile Control

Data protection, policy compliance and device control for mobile devices

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).

  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.