Major security flaw lets anyone bypass Samsung Galaxy S II security

Discussion in 'Apple, Inc and Tech Industry' started by MojoDojo, Sep 30, 2011.

  1. MojoDojo macrumors member

    Joined:
    Aug 19, 2011
  2. Skika macrumors 68030

    Joined:
    Mar 11, 2009
    #2
    Oh no, this is concern- wait... i have an iPhone.

    loldontcare.
     
  3. KingCrimson macrumors 65816

    Joined:
    Mar 12, 2011
    #3
  4. munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #4
    That is a pretty big flaw for users that use the security feature.

    If the phone was stolen, I am pretty sure the their might stumble upon that bypass.

    But, many users, including those with iPhones don't use the lock screen security feature so this is often irrelevant.
     
  5. yg17 macrumors G5

    yg17

    Joined:
    Aug 1, 2004
    Location:
    St. Louis, MO
  6. Rodimus Prime macrumors G4

    Rodimus Prime

    Joined:
    Oct 9, 2006
    #6
    well read it, watch the video and honestly it is not that bad. Lets face it not many really use lock codes on their phone or pretty much tell anyone their code.

    It appears to only be the AT&T model and samsung is already working on the fix. Over all this is a very very minor bug that will more than likely be fixed by say the end of October. Giving them a month because that gives them a week fix and test it internally and then AT&T being AT&T 3 weeks to bother approving it.

    It is mostly fud but over all a very very minor bug that will be fixed quickly only effecting AT&T Galaxy S which leads me to believe that it is something AT&T required Samsung to add to the phone that causing this problem.
     
  7. munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #7

    That was also a major issue but it isn't as bad as this issue impacting samsung.
     
  8. Rodimus Prime macrumors G4

    Rodimus Prime

    Joined:
    Oct 9, 2006
    #8
    and goes back to fact like I pointed out that it will be patch in by the end of Oct and only effects AT&T.
    Safe to say that time wise that this bug will be there a much short time span that the Apple bug.

    Mix that with the OTA update and notifications it will be by far better and faster than Apple fixing its bug and getting it patched. I am willing to bet that 99% of them will be patched compared to the much slower update rate for iOS.
     
  9. munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #9
    It should be fixed faster, this flaw actually provides total access to the device.

    There was no significant data exposure with the iOS flaw. In reality, that iOS flaw was FUD.

    This samsung flaw has some real security implications.

    But, it makes no difference if users aren't using the feature. This is true of any phone.
     
  10. r.j.s Moderator emeritus

    r.j.s

    Joined:
    Mar 7, 2007
    Location:
    Texas
    #10
    Correct me if I'm wrong, but this phone isn't even available to the general public yet - making it a non-issue for now.
     
  11. SevenInchScrew macrumors 6502a

    SevenInchScrew

    Joined:
    Jun 23, 2007
    Location:
    Omaha
    #11
    Correct. It goes on sale Sunday.
     
  12. ChazUK, Sep 30, 2011
    Last edited: Sep 30, 2011

    ChazUK macrumors 603

    ChazUK

    Joined:
    Feb 3, 2008
    Location:
    Essex (UK)
    #12
    It seems it's only limited to the AT&T version. I can't get my SGS II to do it for love nor money. :eek::cool::p
     
  13. SevenInchScrew macrumors 6502a

    SevenInchScrew

    Joined:
    Jun 23, 2007
    Location:
    Omaha
    #13
    Correct as well. I tried it with my 3 Android phones, 2 of which are Samsung, and none of them do it. It appears that something AT&T did when modifying the phone for their use screwed it up.
     
  14. Rodimus Prime macrumors G4

    Rodimus Prime

    Joined:
    Oct 9, 2006
    #14
    True. It goes on sale Sunday and it will be a fast fix.

    Well lets look at it honestly. A vast majority of people do not use pin codes on there phones at all. The Android lock screen has a much much higher usage rate than the iPhone pin code screen because it is easier to use. Now Pin code is by far more secure than the dot screen but also much more incontinent to use.

    As for the bug itself I bet it can be fixed with 2-3 lines of code. I am willing to bet it is a Boolean variable that is not getting changed correctly. On start up it is correct but after it is entered once it getting changed to my guess True and then failing to get changed back to false.
    Heck it could be as simple as the setter is screwed up.

    Either way it is going to be a very quick fix and most of the time will be spent in getting approval form AT&T
     
  15. munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #15
    Does AT&T offer any services that other carriers don't provide that would require AT&T to be able to bypass the lock?

    Is there anything different about AT&T's update process or syncing than android phones from other carriers?

    It could be related to not having to unlock the phone each time it is synced to the user's computer.
     
  16. SevenInchScrew macrumors 6502a

    SevenInchScrew

    Joined:
    Jun 23, 2007
    Location:
    Omaha
    #16
    No, they simply screwed up when cooking their version of the OS for the phone. Nothing more. As others have said, it is a simple fix, and I would expect an OTA update shortly. Possibly even before Sunday's release.
     
  17. Rodimus Prime macrumors G4

    Rodimus Prime

    Joined:
    Oct 9, 2006
    #17
    Just AT&T rom got messed up. It could be in AT&T radio stack, or how AT&T talks back when tethering, or custom AT&T apps baked into the Rom. Very simple bug.
    If you have done enough coding and testing you can easily see how this type of bug slips threw. It in an area that is not heavily tested and a simple Boolean variable got screwed up and heck it could be as simple as a bracket needs to be up or down 1 line of code. Or a line was commented out during testing and forgot to be uncommented afterwards by the dev.

    I know I have done it multiple times on asignments when I was coding that a simple error like what I am talking happened all because of minor line of code and normally always happen during debugging testing tracking down one bug screwing up another part by simple forgetting. Mind you it is caught in the final run threw but generally it was on a key part of the program. Quick fix. This one is in one of those areas that just would not be caught during standard testing and was missed.

    Heck I would not be surprised at all if it is not already fixed and in internal testing for a role out next week.
     
  18. munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #18
    Link to source for this speculation?

    In reality, most users don't need lock screen security except to prevent someone from making calls from the device if stolen.

    Users in environments where this type of security is required have to use character based passwords on these devices.

    And, this issue doesn't affect these samsung phones that are using character based passwords.

    In terms of a review of both iOS and Android security, this is already well known.

    Screen Shot 2011-09-30 at 2.01.20 PM.png

    http://www.symantec.com/content/en/us/about/media/pdfs/symc_mobile_device_security_june2011.pdf
     
  19. ChazUK macrumors 603

    ChazUK

    Joined:
    Feb 3, 2008
    Location:
    Essex (UK)
    #19
    It's still wrong that it slipped out into reviewers hands. It highlights one of the perils of letting carriers ****** with firmware, something Apple simply won't do.
     
  20. Rodimus Prime macrumors G4

    Rodimus Prime

    Joined:
    Oct 9, 2006
    #20
    Come one basic logic should tell you that it is true. Look at people unlocking there phones in public and make a note.
    You will see people who have android phones using the dote pattern unlock code much more often than say an iPhone user using their pin unlock code.

    It is simple much much easier to use.

    Take a note and look around. I am willing to bet a lot more people will noticed what I stated than not.

    Dote unlock code is going to have a much higher usage rate than the pin code.
     
  21. KingCrimson macrumors 65816

    Joined:
    Mar 12, 2011
    #21
    There is still 0 OS X viruses in the wild. 0, nada, ZIP.
     
  22. Rodimus Prime macrumors G4

    Rodimus Prime

    Joined:
    Oct 9, 2006
    #22
    and there are still zero Android Viruses in the wild and this is off topic so what is your point?
     
  23. munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #23
    Android has a much bigger security issue than the one presented by the OP.

    This flaw affects all Android devices.

    http://blog.duosecurity.com/2011/09/android-vulnerabilities-and-source-barcelona/
     
  24. roadbloc macrumors G3

    roadbloc

    Joined:
    Aug 24, 2009
    Location:
    UK
    #24
    Major security flaw on an unreleased phone? My goodness. :rolleyes:
     
  25. munkery macrumors 68020

    munkery

    Joined:
    Dec 18, 2006
    #25

Share This Page