AT&T’s Galaxy S II Security Flaw Leaves Phone Vulnerable
A security flaw has been uncovered on the newly released Samsung Galaxy S II for U.S. carrier AT&T: if the pattern unlock screen is left to time out, promptly waking the Android smartphone brings up the slide-to-unlock screen instead, allowing whoever is holding the phone to bypass any security locks on the device.
The flaw was first uncovered by BGR, and since that site made the issue public, Samsung and AT&T have issued a statement and a temporary fix for the problem.
Samsung and AT&T are aware of the user interface issue on the Galaxy S II with AT&T. Currently, when using a security screen lock on the device, the default setting is for a screen timeout. If a user presses the power button on the device after the timeout period it will always require a password. If a user presses the power button on the phone before the timeout period, the device requests a password – but the password is not actually necessary to unlock it.
The two companies say that they are working on a more permanent fix, but for now, to keep your data safe if you own the AT&T version of Samsung’s second-generation Galaxy S II flagship, you should implement the following:
Samsung and AT&T are investigating a permanent solution. In the meantime, owners of the Galaxy S II can remedy the situation by re-setting their time-out screen to the “immediately” setting. This is done by going to Settings -> Location and Security -> Screen unlock settings -> Timeout -> Immediately.
The pattern unlock screen was first introduced on Android as a quick and simple way to unlock a phone without having to enter a PIN or complex alphanumeric password. However, security experts have in the past cautioned against relying on a pattern unlock to secure a phone, because swiping your finger across the screen to trace the pattern may leave fingerprints. If someone else finds your phone, they can easily retrace your pattern by following the fingerprints you’ve left behind.