Security flaw discovered in AT&T's Galaxy S II lock screen
BGR has come across a security flaw, limited to AT&T's Galaxy S II, that lets the secure lockscreen be bypassed with a simple trick, without entering the password.
Most of you will be aware of the pattern and password lockscreen options available in Android, along with the regular non-secure swipe lockscreen. They require a specific pattern or a number to be entered to unlock the device. With this little hack, however, you can easily bypass either of the two locks.
As you can see in the video above, all one has to do to bypass the lock is wait for the display to time out on its own and then press the power button. This removes the previous secure lockscreen and replaces it with a standard, non-secure lockscreen.
Depending upon what you store on your device, you may think of this as trivial or a matter of national security. Either way, you'll be glad to know that Samsung and AT&T have acknowledged the issue and are working on fixing it.
We received an official statement from Samsung regarding the issue. See it below.
Samsung and AT&T are aware of the user interface issue on the Galaxy S II with AT&T. Currently, when using a security screen lock on the device, the default setting is for a screen timeout. If a user presses the power button on the device after the timeout period it will always require a password. If a user presses the power button on the phone before the timeout period, the device requests a password – but the password is not actually necessary to unlock it. Samsung and AT&T are investigating a permanent solution. In the meantime, owners of the Galaxy S II can remedy the situation by re-setting their time-out screen to the “immediately” setting. This is done by going to the Settings->Location and Security->Screen unlock settings->Timeout->Immediately.
Reader comments
- Alex
- 13 Nov 2011
- mfC
The security flaw is the grease on our fingers. You can easily tell what the pattern looks like by the traces and finger prints on the screen surface.
- salmander
- 04 Oct 2011
- QJ7
gsmarena not supporting russian it looks like... meant to say 'not possible ! '
- salmander
- 04 Oct 2011
- QJ7
doesn't mean it's 'fake'.