Samsung's newest smartphone model, the Galaxy S II with AT&T, went on sale to the public Sunday. Only problem? That pattern lock (standard smartphone security nowadays) that keeps information private has turned out not to be so secure. In fact, according to TechCrunch staff, it's “pretty much useless.”
Normally a smartphone will lock after a period of idleness, requiring an unlock pattern to access applications or data after timing out. In the case of Galaxy S II, the user simply has to tap the lock button that wakes the display and then allow the screen to go black again. Tap it again and the unlock screen disappears, allowing the user to access the phone with no PIN or pattern at all.
Not exactly the pinnacle of security for an item as information-sensitive as a smartphone.
The flaw, uncovered by mobile consumer reporters at BGR, was recently confirmed by Samsung, which released this comment:
Samsung and AT&T are aware of the user interface issue on the Galaxy S II with AT&T. Currently, when using a security screen lock on the device, the default setting is for a screen timeout. If a user presses the power button on the device after the timeout period it will always require a password. If a user presses the power button on the phone before the timeout period, the device requests a password – but the password is not actually necessary to unlock it.
Samsung and AT&T are investigating a permanent solution. In the meantime, owners of the Galaxy S II can remedy the situation by re-setting their time-out screen to the “immediately” setting. This is done by going to the Settings->Location and Security->Screen unlock settings->Timeout->Immediately.
Unfortunately, this isn't the first security loophole for smartphones. Droid owners and HTC users have also experienced safety scares as the kinks are worked out in models. Some locks were bypassed by the use of a nearby magnet; others, by a repeated combination of random keys. And it probably doesn't help that typing “bypass pattern security lock on smartphone” into Google turns up scores of advice forums helping users override security features.
But using phones as mini-computers automatically puts these mobile users in danger of easy exploitation by data thieves. In the wrong hands, phone owners' e-mail accounts, cookied web pages, contacts, passwords, private notes, calendar reminders, account information, etc. are all at risk.
In fact, if these pattern locks are the primary security features for a smartphone and they begin to crumble, we may have to move in a more serious direction of identity protection with tools such as fingerprinting and voice and/or retinal identification. And who knows how much that will cost?
By the way, my LG dumbphone is still going strong.