Thursday, March 7, 2013

Flaw in Samsung Note2 POP-UP Browser, allows attackers to bypass Android lock screen and throw open the internet browser

Just about was reading about the vulnerability which was discovered a couple days back with the Samsung Note 2. 
Co-incidentally I detected one which throws open the "POP-UP Browser" and its open pages to the attacker when the device is securely locked with a numeric or alphanumeric pass key.

When will it be flawed.
In the Note 2 there is Setting in 
Settings -> Lock screen-> Lock Screen options ->Information Ticker
If the Information Ticker is ON 
If you have accessed a site in the pop-up browser it will be vulnerable

How the attacker can
1) Lock the screen with secure lock like -- Pattern / Pin / Password 
2) Now click the home screen or power button to activate the phone
3) Click on the news or ticker item in the scroll
4) The un-locker password  screen will appear.
5) Now  instead of the lock pattern click on the "emergency call"
6) Boom!!!.. a pop up will appear with the item click and your "POP-UP Browser" provides free access to attacker..

So What if it appears
Attacker can access the Internet completely
From the pop up, attacker can replace the site with which ever he wishes to access..

Attacker can open a site whose details are stored and access your personal data(multiple sites)

Also the CLIPBOARD is vulnerable ----
Not only that, the attacker can also have the access to the clipboard items. If there is sensitive information (username / password) it would be thrown open to attacker 

What have I seen this flaw on
I have seen this only on my Samsung Note II N7100 with 4.1.2 update in India. The device does not have any rooted applications.
This may be possible on other phone variants as well which have the "POP-UP BROWSER"

Is there a way to avoid
1) Do no use the "POP-UP Browser"
2) Disable the Information ticker and this flaw be suppressed until a "POP-UP Browser" is open on the screen before the screen is locked.

Who is at fault
As per my observation, the "POP-UP Browser" is completely at fault. But I do not get a option to disable it completely.
Request the Samsung team to fix the Vulnerability in POP-UP Browser

No comments: