Just following the discovery of the “massive security” vulnerabilty in the HTC smartphones, BGR has uncovered a major security flaw on AT&T’s Samsung Galaxy S II that would allows anyone using a simple workaround, to bypass the unlock pattern, which normally denies users access to an Android device unless a preset pattern is drawn on a grid of nine dots spread across the device’s lock screen. Even, the flaw allows users to bypass PIN security as well.
In short, If you’ve a PIN or an unlock pattern set, to bypass it, all you need to do is “simply tap the lock button to wake the display and then let the screen time out and go black. Tap the lock button again and low and behold, the unlock screen is gone and the phone can be accessed with no PIN or pattern input whatsoever,” explains BGR.
Adding, this security workaround exists as long as the phone has been successfully unlocked using the proper pattern or PIN at least one time, so the lock cannot be bypassed immediately after the device is powered on. Of course the first thing a user does after powering on a phone is unlock it, so lost and unattended devices are at risk unless they have been powered off since last being used. Of note, users with Microsoft Exchange security policies don’t seem to be affected.
Samsung in a statemenet issues to BGR said that it and AT&T “are investigating a permanent solution” to this flaw. Samsung’s statement adds, “In the meantime, owners of the Galaxy S II can remedy the situation by re-setting their time-out screen to the “immediately” setting. This is done by going to the Settings ->Location and Security->Screen unlock settings->Timeout->Immediately.”
Watch the video below demonstrating the way around the lock: