Lock screen exploits are becoming increasingly common in the mobile world. Four weeks ago there was the iPhone 5 passcode bug (which just got fixed yesterday...kinda). Then there were a couple lock screen bugs on the Samsung Galaxy S3 two weeks ago.
Now that GS3 lock screen bug has turned into a virus, affecting the rest of the Samsung mobile world, including the Samsung Galaxy Note 2, as well as any other Samsung device with Jelly Bean 4.1.2 installed. The new exploit technique, found by YouTube user Terence Eden, can be seen performed on the Galaxy Note 2 in the video below.
This exploit lets you launch the dialer and place a phone call, as well as lets you search for (and download) apps on Google Play by using the voice interface, which will disable the screen lock.
- From the lock screen, tap the emergency call button.
- Dial a non-existent emergency services number, such as 0.
- Press the green dial icon (dismiss the error message that appears).
- Press the phone's back button.
- The app's screen will be briefly displayed, but it's enough time for you to interact with the app.
- From there, you can run and interact with any app or widget and the settings menu.
While Samsung has yet to release an update to fix this issue, there is a way to partially defend against the exploit. All you need to do is disable your screen animations, which in turn reduces the amount of time the screen is displayed. To do this, you can go to:
- Settings -> Developer Options -> Window animation scale -> Off (repeat for Transition animation scale and Animator duration scale)
The exploit will still be on the phone, but it'll be much more difficult as you'll need to be quicker to bypass the lock screen.
Some also suggest using a different lock screen app, so you could always try that, too.