Security flaw on SGS2? - T-Mobile Samsung Galaxy S II SGH-T989

So, recently I put a lock on my phone (PIN lock and Password lock) and for some reason, my girlfriend has been able to get pass all of them. At first I thought I was using something too easy, like my name or our anniversary, so later on I tried a more random one that there is no way she could have known, but she also got pass that as well.
Does anyone know if there is a security flaw in our phones that allows it to bypass the password locks? I know that if I use Handcent, the popup text would show, but if you try to exit it or anything, it will go back to the password screen.

A good reason for me not to buy this phone. Lol. Maybe someone can chime in. I know the att one has a flaw.
Sent from my iPad 2 using Tapatalk

I know that the pattern locks on my HTC EVO often can be bypassed by swiping the wrong pattern. I've seen this happen on my SGS2 as well. I haven't used the PIN or password security but maybe they have a similar problem.

Nope, the security on the SGS2 after a couple tries prevents you from trying again for 30 seconds, but it does not let you login via Gmail after any number of attempted tries, which makes me wonder what would you do if you forgot your password...besides a master reset.

how about you just ask her how shes getting past it lol

DyingBlade said:
So, recently I put a lock on my phone (PIN lock and Password lock) and for some reason, my girlfriend has been able to get pass all of them. At first I thought I was using something too easy, like my name or our anniversary, so later on I tried a more random one that there is no way she could have known, but she also got pass that as well.
Does anyone know if there is a security flaw in our phones that allows it to bypass the password locks? I know that if I use Handcent, the popup text would show, but if you try to exit it or anything, it will go back to the password screen.
Click to expand...
Click to collapse
I've seen a video about this on YouTube. I think if you press the home button while on the lockscreen it bypasses it. Check on YouTube and you'll find the video of a guy demonstrating this.
Sent from my SGH-T989 using xda premium

al52025 said:
how about you just ask her how shes getting past it lol
Click to expand...
Click to collapse
She won't tell me how lmao.
I've seen a video about this on YouTube. I think if you press the home button while on the lockscreen it bypasses it. Check on YouTube and you'll find the video of a guy demonstrating this.
Click to expand...
Click to collapse
That works only when there is no password lock and you have to press the home button twice to bring up voice command. I tried it with password lock an it doesnt work.

DyingBlade said:
She won't tell me how lmao.
if it were me i would definitively break up with her if she didnt tell me haha
Click to expand...
Click to collapse

DyingBlade said:
So, recently I put a lock on my phone (PIN lock and Password lock) and for some reason, my girlfriend has been able to get pass all of them. At first I thought I was using something too easy, like my name or our anniversary, so later on I tried a more random one that there is no way she could have known, but she also got pass that as well.
Does anyone know if there is a security flaw in our phones that allows it to bypass the password locks? I know that if I use Handcent, the popup text would show, but if you try to exit it or anything, it will go back to the password screen.
Click to expand...
Click to collapse
If she knows your gmail pw then its easy....
Sent from my SGH-T989 using xda premium

So, recently I put a lock on my phone (PIN lock and Password lock) and for some reason, my girlfriend has been able to get pass all of them. At first I thought I was using something too easy, like my name or our anniversary, so later on I tried a more random one that there is no way she could have known, but she also got pass that as well.
Does anyone know if there is a security flaw in our phones that allows it to bypass the password locks? I know that if I use Handcent, the popup text would show, but if you try to exit it or anything, it will go back to the password screen.
Click to expand...
Click to collapse
Sent from my SGH-T989 using xda premium

DyingBlade said:
She won't tell me how lmao.
That works only when there is no password lock and you have to press the home button twice to bring up voice command. I tried it with password lock an it doesnt work.
Click to expand...
Click to collapse
Then Idk how she's doing it. Maybe she just knows your password.
Sent from my SGH-T989 using xda premium

Gmail login does not popup after any number of tries and I created the most random password (agmekt56) and unless she's psychic, there's no way she could have known.

She may be a tech ninja.lmafo

Figured it out... Take a screenshot. Then sweep the screen. I was just amazed that it worked myself. Feel free to hit the thanks button. Hahaha #fail. Can't wait to try it on coworkers tomorrow!!!
Sent from my Herc + EagleBlood V1

Check for lock screen screenshots too...
Sent from my Herc + EagleBlood V1

DyingBlade said:
Gmail login does not popup after any number of tries and I created the most random password (agmekt56) and unless she's psychic, there's no way she could have known.
Click to expand...
Click to collapse
The only way for her to be able to get through either your Password, Pattern or PIN code is either if she knows it or takes a screen shot of it. So unless there is some sort of flaw in your software there's no other way. I've been trying this all morning and you get the 30 second unlock, then some amount of minutes and eventually you will hard lock the phone.

I don't know, I'll try to get it out of her haha. Cause theres no way she can know cause I made the password as random as I can.

I can get into my phone without a PIN after I receive a text message. Maybe she's getting in that way?
I made a quick vid to show this problem: vimeo . com / 31067628 (remove spaces)

raquel13 said:
I can get into my phone without a PIN after I receive a text message. Maybe she's getting in that way?
I made a quick vid to show this problem: vimeo . com / 31067628 (remove spaces)
Click to expand...
Click to collapse
Do you have some sort of customization on your phone? because I have tried that as well and it did not unlock my phone at all. I sent two text from my Motorola Atrix to my Samsung Galaxy S II and the pin code was not bypassed at all. I tried it with each one individually Pattern, Pin, Password and none of them were bypassed by receiving an e-mail, text nor a missed call notification.

Figured it out!
Okay, so I figured it out. It's not a security flaw in the SGS2 itself, but more from handcent. When I get a text from handcent, it automatically pops up with the text message on my screen (quick text) and also unlock my screen. It is only supposed to unlock it when viewing the message, but after I reply to the message it should automatically relock my screen. But, this is not the case with the SGS2, when I get a text the message will pop up, but when I reply to it, it brings me to the unlock screen but when I swipe to unlock, it does not ask for the PIN/password.
So if any of you guys are using Handcent, I would turn the pop up feature off.

Related

"password unlock" window after unlocking?? screenshot, plz help me remove this

"password unlock" window after unlocking?? screenshot, plz help me remove this
Hi guys,
I have a funny problem, I've installed lockbot and some other lock-apps as test but removed all of them except lockbot
Now when I disable lockbot I have my normal lockscreen (power button + wipe down to unlock) but now I get an extra screen where I have to enter an unlock code (which seems to be my pin code) or emergency call
I can't find back in the settings how to disable this, anybody any idea?
PS I have stock ROM with launcherpro installed
Thx
B
Anyone?
Sent from my HTC Desire using XDA App
berre said:
Anyone?
Sent from my HTC Desire using XDA App
Click to expand...
Click to collapse
Remove it and install No Lock. Or SwitchPro Widget.
well I love lockbot except that it unlocks when receiving a call so I just want to return to my default way of unlocking (power-button + slide-down) without having to enter my pin code again
this is how it looks like, I have no idea where this is coming from
anybody any ideas what this might be?
Anyone please? I would really like to get rid of this....
Sent from my HTC Desire using XDA App
Are you syncing with an Exchange server?
I've had that dialogue box when I set up my Exchange mail.
Look here (translated from Swedish)
Settings -> Security -> Set screen lock
or something similar.
onlynik said:
Are you syncing with an Exchange server?
I've had that dialogue box when I set up my Exchange mail.
Click to expand...
Click to collapse
yep, I use Touchdown... however I used this on my HTC Magic as well and I never had the issue on that phone. I also have a seperate window for a pincode in Touchdown itself. Also when I disable the lock completely using switchpro I don't get this message anymore. If this is coming from exchange, I should probably still get the mentionned window... anyway I can try to uninstall just to test.
Orka82 said:
Look here (translated from Swedish)
Settings -> Security -> Set screen lock
or something similar.
Click to expand...
Click to collapse
don't have that... I can only
- set a pattern-lock (which doesn't work, I just get the window mentionned, when I enter my code it goes straight to my homescreen)
- enable/disable PIN code (when disabled I still get the mentionned window)
- enable visible passwords
- install certificates from sd-card
just uninstalled touchdown... no change, lockscreen remains...
anyone?
berre said:
yep, I use Touchdown... however I used this on my HTC Magic as well and I never had the issue on that phone. I also have a seperate window for a pincode in Touchdown itself. Also when I disable the lock completely using switchpro I don't get this message anymore. If this is coming from exchange, I should probably still get the mentionned window... anyway I can try to uninstall just to test.
Click to expand...
Click to collapse
The lock is requested by the security settings within Exchange. I would suggest removing you mail account from the phone to check, unless you have access to the Exchange server or a friendly Exhcange Admin.
I've uninstalled touchdown completely but lock screen remained..
Sent from my HTC Desire using XDA App
berre said:
I've uninstalled touchdown completely but lock screen remained..
Sent from my HTC Desire using XDA App
Click to expand...
Click to collapse
Have you tried to disable the other lock options? Go through them one by one and enable and disable them. Maybe reboot first/after.
djind said:
Have you tried to disable the other lock options? Go through them one by one and enable and disable them. Maybe reboot first/after.
Click to expand...
Click to collapse
in security settings I only have
- set a pattern-lock (which doesn't work, I just get the window mentionned, when I enter my code it goes straight to my homescreen)
- enable/disable PIN code (when disabled I still get the mentionned window)
furthermore I've uninstalled all lock-screen apps and touchdown (exchange) but that cr*ppy screen remains active
coming close to giving it up though think I'll just stick to lockbot or widgetlocker and buying a decent pouch
ehm... something I just found by accident: it doesn't matter what I enter in that lock window, it always unlocks (except when leaving blanc) !!
try this
http://www.xda-developers.com/android/lockpicker-now-updated-to-v0-94/
Hi,
tried that already (forgot to mention it)
never mind guys, Widgetlocker seems to be what I'm looking in a lockscreen and it seems stable so I'll stick to that
thanks for all the tips and hints... sometimes it's just not ment to be
cheers
B

[Q] override exchange pin/password policy

Has anyone come across a hack to override the exchange pin/password policy on the phone?
There is Lockpicker. However, it does not work with Froyo, unless installed before the update.
Sent from my HTC Desire using XDA App
Thanks. Sadly I need it on 2.2
Do you need it for your email? I guess yes, there is a thread with a hacked email apk at nexus section.
Sending, sending.. sent from my Desire!
nikosrs4 said:
Do you need it for your email? I guess yes, there is a thread with a hacked email apk at nexus section.
Sending, sending.. sent from my Desire!
Click to expand...
Click to collapse
I need it for the email indeed. I will look up the thread you have mentioned - thank you.
http://forum.xda-developers.com/showthread.php?t=775007
The easiest way for me: dial *#*#7594#*#*, check the box and that's it. There is still remote administration, but the phone won't ask you for any password each time you turn the screen on
oscarsalgar said:
The easiest way for me: dial *#*#7594#*#*, check the box and that's it. There is still remote administration, but the phone won't ask you for any password each time you turn the screen on
Click to expand...
Click to collapse
What does that do? I tried it on mine, but I have a hacked mail.aol so nothing came up.
Sent from my HTC Desire
oscarsalgar said:
The easiest way for me: dial *#*#7594#*#*, check the box and that's it. There is still remote administration, but the phone won't ask you for any password each time you turn the screen on
Click to expand...
Click to collapse
I tried that but nothing happened. Actually, when I try to dial that as soon as I type the last * it disappears, so I can't even "call" that.

Locked out

Hi all, I know there are many posts on this, but I have a customer with an i9000 and locked out of phone with pattern, and has forgotten pattern. No 3 button download, and not in debugging mode. so no 3 buttin fix. Am I wasting my time, should I just tell then to send it off to the service centre.
Regards tony
Sent from my GT-I9000 using XDA App
tonyg_253 said:
Hi all, I know there are many posts on this, but I have a customer with an i9000 and locked out of phone with pattern, and has forgotten pattern. No 3 button download, and not in debugging mode. so no 3 buttin fix. Am I wasting my time, should I just tell then to send it off to the service centre.
Regards tony
Sent from my GT-I9000 using XDA App
Click to expand...
Click to collapse
Uhm.. Perhaps you could try adb from a PC and do "adb reboot recovery" and then wipe your phone to default?
us1111 said:
Uhm.. Perhaps you could try adb from a PC and do "adb reboot recovery" and then wipe your phone to default?
Click to expand...
Click to collapse
If I remember correctly it doesnt work.
But you could flash the 3 button fix - thats a start and maybe ypu can reflash it or something (no idea if it works).
use search function next time, and dont make post in development... its all in the STICKY!
Try to put your gmail login info from all different gmail account you have.
Also try this. Take out battery>wait for 3 hours > but the battery back > press power button for 20 seconds (This method was listed by one guy on other forum).
One guy also mentioned this method.
AGAIN ITS the lamest thing you could ever think of, anyway heres how it goes,
1) Log in to your google account on your pc, the same account you registered for your phone
2) After logging in look at the top right corner of your inbox/email page, it would say your google username. Like say if you name is John, and you have a google id thats registered to your galaxy s as ,[email protected] Now this google id on the top right corner of the page would be displayed [email protected]
3) Type in the google id, thats visible on the right hand top corner of your page ([email protected]) into your galaxy s handset locked page, and type in the password.
TADA AND YOUR ON TO THE NEW SCREEN TELLING YOU TO PUT IN ANOTHER PATTERN.
Thanks
Zoh
If you cant login by computer then go here
HTML Code:
https://www.google.com/accounts/recovery
...And if you don't remember your secret (recovery) question then try the following method (check the link)
EDIT: you can also try this (very helpful to lot of ppl with the same problem) http://www.docstoc.com/docs/39761478...d---Locked-Out
Any way try all the methods and let me know if it works...BEST OF LUCK
or try recover mode and wipe all data
or try
this solution is with thanks to another person on another site...
You need a WiFi connection available for this to work!
1) Call your phone from a different phone.
2) Answer the call. While still connected...
3) Hit the BACK button on the phone (the arrow softkey)
4)This takes you to the home screen (it might take a few attempts, it depends on your timing. It took me 4 attempts)
5)Drag down your notifications bar and turn the WiFi on if it isn't already.
6)Close the notifications bar then hit the MENU softkey, select Settings then "Accounts and sync".
7)Click "Add Account" and select Google.
8)Sign up for a new google account as normal.
9)When the signup process is complete (and it must successfully create an account) you can hang up the call. (Do not sync the accounts)
10)Now when the phone asks you to unlock it using google credentials, use the ones from the account you just created. It will now ask you for a new security pattern, then for the same pattern again to verify.
11)Once you are back into the phone, turn off this "feature" until Google release a fix for the bug.
12)You can now delete the "false" google account which you just created from the phone. You should log into google and delete it from there too really.
13)Now reboot your phone. When the phone starts up and it still says "Phone Locked" don't panic!, Just drag the screen out of the way to unlock the phone, just like you did before you activated the pattern security.
Let's hope the guy remembers his google account details.
Seriously though, if you are not going to be able remember your combination lock..... why make it so complicated in the first place?
Thanks for the copy and paste, yeah I've tried all that, I was just after an opinion from the experts.
But doesn't look like I'm going to get one.
No probs, I'll just get my customer to send out back to service centre.
Tony.
Sent from my GT-I9000 using XDA App
tonyg_253 said:
Hi all, I know there are many posts on this, but I have a customer with an i9000 and locked out of phone with pattern, and has forgotten pattern. No 3 button download, and not in debugging mode. so no 3 buttin fix. Am I wasting my time, should I just tell then to send it off to the service centre.
Regards tony
Sent from my GT-I9000 using XDA App
Click to expand...
Click to collapse
if 3 button download mode doesnt work, try this:
http://forum.xda-developers.com/showthread.php?p=8901928#post8901928
it would mean all phone contents will be lost though
Awesome, thanks for the info.
ill get my soldering iron out
Regards Tony

Forgot PIN. Can't Change Security Settings

I have setup my phone for Screen Unlock. Unfortunately, I have forgotten the PIN I set as an alternative. I can still get onto my phone, but I can't change the PIN as, obviously, it requires you to enter the PIN that was set. I'm doing a nandroid restore to hopefully see if this works. Any way to change it without nandroid or restoring to factory settings for future reference?
Simply enter your pin wrong a couple of times (on the login) and it should ask you to login with your Google account instead allowing you to change or remove the pin.
What the guy above me said. Try to log in multiple times and it will prompt you to enter your gmail password.
Sent from my Galaxy Nexus using xda app-developers app
Please post Questions in the Question & Answer (Q&A) sections.
mortenmhp said:
Simply enter your pin wrong a couple of times (on the login) and it should ask you to login with your Google account instead allowing you to change or remove the pin.
Click to expand...
Click to collapse
This doesn't seem to work. I've tried entering the wrong password on the lockscreen multiple times and all it says is 'Try again.'.
Sent from my Galaxy Nexus using xda premium
UnknownFearNG said:
This doesn't seem to work. I've tried entering the wrong password on the lockscreen multiple times and all it says is 'Try again.'.
Sent from my Galaxy Nexus using xda premium
Click to expand...
Click to collapse
it should but you'll have type it in wrong a bunch of times, wait the 30 seconds for it to let you try again and keep doing it til it asks for the gmail password, I think it was after the 30 minute timer that it'll ask for the password
Edit: Nevermind what I'd said, I just tried it with mine and got up to 100 wrong passwords and it still won't let me use the gmail password.

Forgot Password For Cell

Hello
I have a T-Mobile Galaxy S2 [NOT updated to ICS, still running on gingerbread]
last night I put a password or pin on the phone under the security section, but now I cannot remember it. I asked T-mobile if they could reset it, however, the only thing they offered to do was guide me through a factory reset, which I do not want to do.
Is there any way to retrieve the password/pin?
thanks
PS - Pls don't tell me to reset the phone, as i already have been given that option
Reset the phone. Jk if u type it in wrong 5 times in a row a new option will appear that says forgot password. Then just sign in ur Google account and thats it
Sent from my Galaxy Nexus using xda premium
moeahmad1995 said:
Reset the phone. Jk if u type it in wrong 5 times in a row a new option will appear that says forgot password. Then just sign in ur Google account and thats it
Sent from my Galaxy Nexus using xda premium
Click to expand...
Click to collapse
thank for the reply!
unfortunately, I did that so many times but the only message it is giving is "You have incorrectly entered your PIN 5(10, etc) times. Please try again in 30 seconds."
the option to get it via email seems to have disappeared!
sphogat said:
thank for the reply!
unfortunately, I did that so many times but the only message it is giving is "You have incorrectly entered your PIN 5(10, etc) times. Please try again in 30 seconds."
the option to get it via email seems to have disappeared!
Click to expand...
Click to collapse
I think that's only for ics.you can only enter email on ics
sphogat said:
thank for the reply!
unfortunately, I did that so many times but the only message it is giving is "You have incorrectly entered your PIN 5(10, etc) times. Please try again in 30 seconds."
the option to get it via email seems to have disappeared!
Click to expand...
Click to collapse
Flash ics through odin...You won't lose any media. You will lose everything else though.
Or factory reset...those are your only options at this point. Unless you see a button on your local screen that says forgot password then you can enter your gmail. But other then that, not much anybody can do as far as i know
sent from my T989 full of CM awesomeness and a touch of Venom from the Darkside!!
Its not only ics. I do it to my lil bros g2x all the time to get him mad and that phone is on GB
Sent from my Galaxy Nexus using xda premium
What are you afraid to lose?
If you can figure out which file is the security file and all that... I guess you can always flash/push a "stock" one to it, which should remove the password. This is only theoretical. I don't know which file it is either.
Sent from my SGH-T989 using xda app-developers app
I'd say think harder lol. How do you forget a password you made, within a day?
Bluntified said:
I'd say think harder lol. How do you forget a password you made, within a day?
Click to expand...
Click to collapse
Usually you don't... its called being shady and might not be his phone or possibly a found or stolen device.
Most of us on here have our stuff backed up and a factory reset isn't a big deal. Now some of us don't have our apps backed up, but have our contacts and such backed up thru Google. Every time I see these threads they generally get shut down by a mod..
thederekjay said:
Usually you don't... its called being shady and might not be his phone or possibly a found or stolen device.
Most of us on here have our stuff backed up and a factory reset isn't a big deal. Now some of us don't have our apps backed up, but have our contacts and such backed up thru Google. Every time I see these threads they generally get shut down by a mod..
Click to expand...
Click to collapse
LOL Shady is what I was thinking right after I read it..
I got locked out of my phone because my son was playing with it. It's asking for google account. I put in the google account and password but still doesn't take it. Can I bypass the google and pin code without losing data?

Categories

Resources