Samsung Galaxy Note II, S3 exposed to partial "Emergency Call" lock-screen bypasses

An attacker in possession of a locked device can activate some call functions via the “emergency call” feature

Two of Samsung’s flagship smartphones running Android 4.1.2 appear to be vulnerable to separate partial screen lock bypasses via the “Emergency Call” screen.

UK-based mobile enthusiast Terence Eden published details of the simple bypass, which allows an attacker to briefly launch apps and dial numbers on a Galaxy Note II that is locked. An attacker may also be able to view other apps, such as calendar, email or other widgets.

An attacker in possession of a locked device can activate some call functions via the “emergency call” feature. Once inside the emergency call screen, the attacker would need to press the emergency contacts icon, and then hold down the physical home key for a few seconds. This briefly displays the apps on the device’s home screen and allows an attacker to make calls to contacts on the “direct dial” widget.

Eden says he published the attack partly because it has “limited value” -- since the apps that can be launched, although running in the background, are quickly concealed by the screen lock -- but also because Samsung had failed to respond to his disclosure five days after he reported it.

The attack and impact of Eden's discovery is very similar to a separate flaw reported to Samsung in February by UK vulnerability researchers at MTI Technologies. It reported a “partial screen-lock bypass” affecting Samsung’s Galaxy S3, running the same version of Android, which could be achieved via the Emergency Call function.

On the S3, an attacker could issue commands using Samsung’s voice assistant, S-Voice, via the Emergency Call screen, even when the phone is locked. Access is limited to phone features and apps the user has enabled S-Voice to access.

“[O]nly the actual phone / keypad becomes available to a user. Any other applications launched, will still open and execute commands but are not visible to a user and the device will revert back to the lock screen,” MTI reported on a Samsung developer forum.

Like Eden’s attack, limited functionality was gained via the Emergency Call and Emergency Contacts features. Instead of holding the button down, the attacker would need to press the Home button twice to activate S-Voice and then tap the assistant’s icon.

The attacker can instruct S-Voice to dial any number or contact (if the name is known) or access Voicemail. Asking “what is number” or “address” will cause the device to return the address associated with a contact, which may be able to be gleaned by peaking at the SMS inbox if there is an icon on the home page.

Although the apps opened would be concealed by the lock, an attacker could, for example, update the victim’s social media accounts if S-Voice was configured to do so.

Join the CSO newsletter!

Error: Please check your email address.

Tags samsungmobilitysecuritysmartphones

More about GalaxySamsung

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts