6 March 2013ZDNet:
For those wanting to verify whether their own devices are vulnerable, McMillian’s instructions are as follows:
- On the code entry screen, press Emergency Call
- Press Emergency Contacts
- Press the Home button once
- Just after pressing the Home button, press the power button quickly
- If successful, pressing the power button again will bring you to the S3’s home screen.
The flaw comes shortly after it was revealed that the lock screen in iOS 6.1 can be completely bypassed, again using the emergency call feature.
iOS’ security model meant that the 6.1 lock screen bypasses kept most user data secure1, but the same doesn’t apply with Android. Get past the lock screen and the intruder can read everything.
Of course, you still need physical access to a device to pull off any of these exploits, so at the end of the day, the real-world threat is arguably insignificant.
1 Contacts were accessible, however.