HOW TO:

• From the lock screen, hit the emergency call button.
  
• Dial a non-existent emergency services number - e.g. 0.
  
• Press the green dial icon.
  
• Dismiss the error message.
  
• Press the phone's back button.
  
• The app's screen will be briefly displayed.
  
• This is just about long enough to interact with the app.
  
• Using this, you can run and interact with any app / widget / settings menu.
  
• You can also use this to launch the dialler.
  
• From there, you can dial any phone number (one digit at a time) and place a phone call.
  
• With Google Play, you can search for apps using the voice interface.
  
• You can download apps from the app store which will disable the screen lock.

UPDATE 2013-03-20T16:54:12+00:00

YouTube user "bicecream88" has alerted me to a way to partially defend against this attack.
By disabling your screen animations, it is possible to reduce the amount of time the screen is displayed.
Settings -> Developer Options -> Window animation scale -> off
Repeat for Transition animation scale and Animator duration scale.
The vulnerability is still present - but you need to be a lot quicker in order to exploit it.

I reported this flaw to Samsung in late February. They are working on a patch which they assure me will be released shortly.
I have delayed public disclosure of this vulnerability. I also asked if they wanted me to delay publication until a patch was ready - however they declined this offer.
If you discover a security issue with Samsung's mobile products, I strongly encourage you to email m.security AT samsung.com
They will provide their PGP public key if you wish to ensure your communications with them are secure.

- Terence Eden