SECURITY FLAW! Google Voice Actions usable on lock screen!


Last Updated:

  1. barakaspeed

    barakaspeed Member This Topic's Starter

    Joined:
    Oct 12, 2010
    Messages:
    5
    Likes Received:
    0
    I just noticed yesterday accidentally that you can press and hold the search button on the lock screen and perform anything Google Voice Actions is capable of. I am using a Droid 2 unrooted. This may affect the Droid X as well.

    This is a huge security flaw in Motorola's modified pattern/PIN lock screen. Hopefully this thread garnishes enough attention so that this can be patched soon!


    Steps to reproduce:

    1. Lock your screen
    2. Press and hold the search button "magnifying glass"
    3. Speak any voice action and the phone will respond. Note: you will not get any visual or audible cues (in Google Voice Actions) that it is working, but it is!
     

    Advertisement
  2. A.Nonymous

    A.Nonymous Well-Known Member

    Joined:
    Jun 7, 2010
    Messages:
    7,061
    Likes Received:
    965
    How do you know it's working if you don't get any visual or audio cues?
     
  3. barakaspeed

    barakaspeed Member This Topic's Starter

    Joined:
    Oct 12, 2010
    Messages:
    5
    Likes Received:
    0
    I guess I should have stated no visual or audo cues for Google Voice Actions, but you will see the phone make phone calls or send a text message.

    Try it, say Call XXX-XXXX and it will dial it and the call screen appears. (if not, then Google Voice Action probably didn't understand what you said, so it's important to speak clearly to fully test this)
     
  4. copestag

    copestag Well-Known Member

    Joined:
    May 23, 2010
    Messages:
    1,355
    Likes Received:
    247
    hmmm........ while I agree its a potential security flaw....... because the lockscreen is so secure and difficult to get around....

    however I suppose it was probably intended to work even with the screen locked..... since theres really no point in having voice actions if you have to take a ton of steps to get there......... driving in your car with phone locked..... reach over press one button and go..... seems like it may have been intentional

    just my 2 cents

    btw IMO vlingo is loads better than google voice actions
     
  5. barakaspeed

    barakaspeed Member This Topic's Starter

    Joined:
    Oct 12, 2010
    Messages:
    5
    Likes Received:
    0
    If it was intentional, then I would expect it to be occurring on other manufacturers and builds of android. Droid 1 is not affected which uses google's original implementation of the lock screen. I suspect Droid X is affected, but only can confirm on my Droid 2.

    Doesn't anyone else feel as I do? I've unfortunately been getting the same response from other forums. If it's a feature, shouldn't it have a way to turn it off? I feel, that if my phone got into the hands of the wrong person, I'd hope they'd have no means of interacting with my phone.
     
  6. cableguynoe

    cableguynoe Well-Known Member

    Joined:
    Mar 30, 2010
    Messages:
    2,030
    Likes Received:
    264
    There is a security app that will delete all your contact and other information if ur phone is stolen. You can delete everything from your computer.
    Maybe something like that would put you at ease about the d2's lack of security?
     
  7. AndroidSPCS

    AndroidSPCS Well-Known Member

    Joined:
    Nov 12, 2009
    Messages:
    3,222
    Likes Received:
    478
    Wouldn't the thief have to know your contacts to use the voice action?

    Would they know to press it, and then voice dial "Johnny Appleseed" and see what the response is? They'd have to know your contacts to even make this work.

    Pretty limited weakness, if any.
     
  8. barakaspeed

    barakaspeed Member This Topic's Starter

    Joined:
    Oct 12, 2010
    Messages:
    5
    Likes Received:
    0
    I use Tasker, and I believe I can create something in it that can handle the suggestion you made. I'm not worried, I just feel it's a flaw, albeit a small one, that should still be fixed to keep Android as a whole as a reputable and solid platform.




    It is a minor flaw, I agree with you, but still one worth fixing in my opinion. True, they'd have to know contact entries in order to call them, but someone could make fraudulent and potentially costly calls (depending on your calling plan) to any number, as long as they voice dial by number. I feel this is grounds enough for Motorola to patch this.
     
  9. AndroidSPCS

    AndroidSPCS Well-Known Member

    Joined:
    Nov 12, 2009
    Messages:
    3,222
    Likes Received:
    478
    Maybe it could be made as an option. Those who want to voice dial with lock screen on can do so, those who don't can turn off this option.
     
  10. barakaspeed

    barakaspeed Member This Topic's Starter

    Joined:
    Oct 12, 2010
    Messages:
    5
    Likes Received:
    0
    I'd be down with that :) .. now Moto just needs to act on this.
     
  11. cableguynoe

    cableguynoe Well-Known Member

    Joined:
    Mar 30, 2010
    Messages:
    2,030
    Likes Received:
    264
    Btw, welcome to the forum Barakaspeed! :)
     

Share This Page

Loading...