Samsung (005930) has been pushing its enterprise-ready smartphones to business customers lately, but the company could hit a roadblock after a vulnerability was discovered on the Galaxy Note II. The security flaw, which allows an attacker to bypass the device’s pattern lock, PIN code, password and face unlock security features, was discovered recently by Terence Eden. Similar to the iPhone vulnerability uncovered last month, the Galaxy Note II’s security flaw can be exploited through the “Emergency Call” feature on the lock screen. Once inside the emergency call feature, an attacker can hold the home button to briefly see the home screen and, if timed correctly, users will be able to direct-dial a contact.
The vulnerability affects the Galaxy Note II running Android 4.1.2, however it could exist in other devices that feature Samsung’s TouchWiz user interface. Eden notes that this is a “reasonably small vulnerability” with “limited value,” unlike the recent security hole found in Apple’s (AAPL) iPhone that allows unauthorized users to make calls, views contacts and listen to voicemails.
A video demonstrating the Galaxy Note II vulnerability follows below.