Reports from The Verge, Engadget, and Ars Technica suggest that a sequence of actions, beginning with pressing the emergency call button, allows various levels of access to each of the devices.
In the case of the iPhone running the latest version of iOS (6.1.2), a hacker gains access to the dialler application, which exposes your contacts and photos (by adding a photo to a contact) while allowing the person to phone any number to boot.
MyBroadband was able to verify this exploit on an iPhone 4S running iOS 6.1.2.
The vulnerability in the Samsung Galaxy Note 2 is less severe, as based on Engadget’s report and an accompanying video, a hacker can only make the home screen flash briefly.
Apps launched from there go to the background, though a direct dial button will cause the phone to call out.
Samsung’s Galaxy S3 lockscreen can be bypassed entirely by someone with physical access, giving them full access to everything on the device.
Once an attacker has worked around the lock screen, putting the S3 to sleep and waking it back up again brings up the home screen and not the lock screen. The only way to reactivate the lock screen at this stage is to power-cycle the device.
Resident MyBroadband smartphone reviewer, Gerrit Vermeulen, was able to verify that this vulnerability exists in a Samsung Galaxy S3 sold in South Africa.