A pretty major security flaw was discovered in AT&T’s Galaxy S II that makes the security screen pretty much useless. What normally keeps unauthorized users out of your phone with a pattern lock or a PIN number is easily bypassed. All the intruder has to do is press the lock button to wake the screen, let the screen timeout and shut off, and wake the screen once more to find the security lock is now bypassed. The one catch to this is the device must have been unlocked once already, meaning unless it was just powered on and not unlocked yet your phone will be at risk. A Samsung spokesperson responded to an inquiry from BGR saying they are investigating the security threat while AT&T declined to comment at this time. Hit the break to see the security flaw in action and Samsung’s statement to BGR. Samsung noted there is a quick fix by setting the screen timeout to “immediately”, but who wants their screen timing out right away?
Samsung and AT&T are aware of the user interface issue on the Galaxy S II with AT&T. Currently, when using a security screen lock on the device, the default setting is for a screen timeout. If a user presses the power button on the device after the timeout period it will always require a password. If a user presses the power button on the phone before the timeout period, the device requests a password – but the password is not actually necessary to unlock it.
Samsung and AT&T are investigating a permanent solution. In the meantime, owners of the Galaxy S II can remedy the situation by re-setting their time-out screen to the “immediately” setting. This is done by going to the Settings ->Location and Security->Screen unlock settings->Timeout->Immediately.
[via bgr]