A new hacking technique has been discovered that allows unauthorized users to bypass the device lock screen on Android smartphones.
The technique was discovered by Terence Eden, who posted it to his personal blog. It was demonstrated on a Samsung Galaxy Note 2 running Android 4.1.2. Using his method, a user could make a phone call, record from the microphone, interact with a server, play music, or view the phone's calendar or emails, all without getting past the device's lock screen.
Eden was able to accomplish this by hitting the home screen button to cause it to briefly display the home screen of phone, which could allow you to run apps by quickly tapping on them.
Eden feels that while this is "a reasonably small vulnerability." "If the person has direct-dial on there, you will be able to dial it." Additionally, "Rapidly tapping the home button will -- depending on your launcher -- allow you to see what is on every home screen. Using an external video camera you should be able to clearly see all the user's calendar & email widgets if they have enabled them."
Luckily, this seems to be a relatively low-level hack, and probably does not present a significant vulnerability in the device's software. Cameron Camp, a security researcher at Bratislava, says the real issue is actually the amount of time it will take for Google to get a fix out. A patch released by the company would have be routed to the handset manufacturers, and then to the carriers, who can then finally release it to the actual device owners.
If a more noteworthy vulnerability is found in the future, it will likely be able to do some significant damage before affected phone owners will be able to receive the fix.