

New Samsung Security Flaw - Disable Lockscreen, Total Control - edent
http://shkspr.mobi/blog/?p=7765

======
zheng
So, the author says that this attack doesn't rely on precise timing, but I
couldn't get this to work at all. The first couple times I tried it, I wasn't
even sure that there was a flash of the application, and once I could (I
think) see it, there was no chance in hell of doing anything with it. I'm not
too worried about this one.

(SIII, 4.1.2)

~~~
tallanvor
I couldn't reproduce on a Galaxy SIII either - maybe it never affected the
device or they've already patched it (my kernel version is 3.0.31-996085 from
Feb 25).

~~~
zheng
Interestingly, I've got 3.0.31-861013 from Feb 14, which should be before this
exploit was reported. This makes me skeptical that it ever did work on the
SIII, as the more I try this, the less convinced I am that I'm actually seeing
any flash of an app.

------
Argorak
Recognizing that it is not politically correct in these parts to pose this
question, I sometimes wonder if the Samsung team (which seems like a highly-
skilled, competent team) regrets building on Android...

~~~
dman
I am sure that when they're not busy cashing checks for billions of dollars
every year they look at Nokia and RIM and wish they had tried to build their
own platform too.

~~~
jychang
All the responses to the parent comment are missing the reference. It's a
rephrasing of a comment on another post on HN, about Ruby on Rails.

"Recognizing that it is not politically correct in these parts to pose this
question, I sometimes wonder if the Github team (which seems like a highly-
skilled, competent team) regrets building on Rails." [1]

[1] <https://news.ycombinator.com/item?id=5404719>

------
ck2
Bet the attack doesn't work on CM10 (CyanogenMod), which people should be
running anyway instead of basic Android; it's amazing.

~~~
jug6ernaut
You are correct, this does not affect CM. But you are completely wrong in
implying that having CM protects your device. To get CM you have to unlock your
bootloader, giving you full access to everything on the device. Unless you
explicitly relocked your bootloader after you installed CM, your phone is about
as wide open as it can get if someone stole it.

~~~
timmins
Pardon my ignorance, is there another option besides relocking? I believe in
the Nexus One days, relocking took quite some time to solve. I'm wondering if
that's still the case.

And my last ignorant question, if you relock are there any complications
running a custom ROM such as CM? Specifically, on reboot. Thanks.

~~~
jug6ernaut
I can't remember specifically for the Nexus One, but I believe it's the same as
the modern Nexus and Samsung devices (devices that provide an official way to
unlock).

When you unlock a device it wipes the entire device, so your data would not be
at risk.

I do not know if it wipes it when it relocks, but no, it is not a
complicated task. All it requires is one command.

"fastboot oem lock" to lock

and

"fastboot oem unlock" to unlock (wipes device).
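As an added example (not from the thread or from any commenter), a small POSIX shell helper that checks the lock state the bootloader reports before issuing the commands above, so that "fastboot oem unlock" (which wipes the device) is never run by accident and "fastboot oem lock" is only issued when the bootloader really is unlocked. It assumes the bootloader answers "fastboot getvar unlocked" with a line of the form "unlocked: yes" or "unlocked: no", which is the Nexus-style convention; bootloaders that report it differently make the helper refuse to act rather than guess. Whether relocking also wipes, as the comment says, varies by device, and the helper does not assume either way. The two sample outputs at the end are constructed for an offline check.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumption: "fastboot getvar unlocked"
# prints "unlocked: yes" or "unlocked: no" (Nexus-style bootloaders). Other
# bootloaders may name the variable differently; then the state is "unknown".

# Parse fastboot's getvar output from stdin and print one of
# "unlocked", "locked" or "unknown".
lock_state_from_getvar() {
    state=unknown
    while IFS= read -r line; do
        case "$line" in
            unlocked:*yes*) state=unlocked ;;
            unlocked:*no*)  state=locked ;;
        esac
    done
    printf '%s\n' "$state"
}

# Query the device connected in fastboot mode. fastboot prints getvar results
# on stderr, so merge it into stdout before parsing.
device_lock_state() {
    fastboot getvar unlocked 2>&1 | lock_state_from_getvar
}

# Relock only when the device is actually unlocked. On unknown output, stop:
# blindly running oem unlock/lock on a misread state can wipe the device.
relock_if_unlocked() {
    case "$(device_lock_state)" in
        unlocked)
            echo "bootloader is unlocked; relocking with fastboot oem lock"
            fastboot oem lock
            ;;
        locked)
            echo "bootloader already locked; nothing to do"
            ;;
        *)
            echo "could not determine lock state; not touching the device" >&2
            return 1
            ;;
    esac
}

# Constructed sample outputs (shaped like fastboot's getvar output) for an
# offline check of the parser; no device is needed for these.
SAMPLE_UNLOCKED='unlocked: yes
finished. total time: 0.001s'
SAMPLE_LOCKED='unlocked: no
finished. total time: 0.001s'
```

Run "relock_if_unlocked" with the phone in fastboot mode (adb reboot bootloader); the parser can be exercised on its own with "printf '%s\n' "$SAMPLE_UNLOCKED" | lock_state_from_getvar".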

------
Zircom
I've actually had this happen sporadically just unlocking my SIII. Whatever
app or homescreen had been on before locking it would flash in for a second or
two before going to the lockscreen. Never paid it much attention.

------
uribs
Huge fines are needed for these mistakes (say $100k per exposed user).

These catastrophic mistakes will only stop if a single one can easily bankrupt
your company.

~~~
dan1234
EULAs and disclaimers would simply be reworded to protect the company.

Or the company could spin off a subsidiary with no assets, which would produce
and licence the software to the parent company.

User education, better QA and timely security updates (for the inevitable
mistakes) are what is really needed.

