SECURITY FLAW! Google Voice Actions usable on lock screen!

Discussion in 'Android Lounge' started by barakaspeed, Oct 13, 2010.

  1. barakaspeed

    barakaspeed Member
    5

    Oct 12, 2010
    5
    0
    5
    I just noticed yesterday accidentally that you can press and hold the search button on the lock screen and perform anything Google Voice Actions is capable of. I am using a Droid 2 unrooted. This may affect the Droid X as well.

    This is a huge security flaw in Motorola's modified pattern/PIN lock screen. Hopefully this thread garnishes enough attention so that this can be patched soon!


    Steps to reproduce:

    1. Lock your screen
    2. Press and hold the search button "magnifying glass"
    3. Speak any voice action and the phone will respond. Note: you will not get any visual or audible cues (in Google Voice Actions) that it is working, but it is!
     

    Advertisement
  2. A.Nonymous

    A.Nonymous Well-Known Member
    213

    Jun 7, 2010
    7,061
    965
    213
    How do you know it's working if you don't get any visual or audio cues?
     
  3. barakaspeed

    barakaspeed Member
    5

    Oct 12, 2010
    5
    0
    5
    I guess I should have stated no visual or audo cues for Google Voice Actions, but you will see the phone make phone calls or send a text message.

    Try it, say Call XXX-XXXX and it will dial it and the call screen appears. (if not, then Google Voice Action probably didn't understand what you said, so it's important to speak clearly to fully test this)
     
  4. copestag

    copestag Well-Known Member
    143

    May 23, 2010
    1,355
    247
    143
    hmmm........ while I agree its a potential security flaw....... because the lockscreen is so secure and difficult to get around....

    however I suppose it was probably intended to work even with the screen locked..... since theres really no point in having voice actions if you have to take a ton of steps to get there......... driving in your car with phone locked..... reach over press one button and go..... seems like it may have been intentional

    just my 2 cents

    btw IMO vlingo is loads better than google voice actions
     
  5. barakaspeed

    barakaspeed Member
    5

    Oct 12, 2010
    5
    0
    5
    If it was intentional, then I would expect it to be occurring on other manufacturers and builds of android. Droid 1 is not affected which uses google's original implementation of the lock screen. I suspect Droid X is affected, but only can confirm on my Droid 2.

    Doesn't anyone else feel as I do? I've unfortunately been getting the same response from other forums. If it's a feature, shouldn't it have a way to turn it off? I feel, that if my phone got into the hands of the wrong person, I'd hope they'd have no means of interacting with my phone.
     
  6. cableguynoe

    cableguynoe Well-Known Member
    163

    Mar 30, 2010
    2,030
    264
    163
    I'm a cableguy....really
    Monterey, CA
    There is a security app that will delete all your contact and other information if ur phone is stolen. You can delete everything from your computer.
    Maybe something like that would put you at ease about the d2's lack of security?
     
  7. AndroidSPCS

    AndroidSPCS Well-Known Member
    173

    Nov 12, 2009
    3,222
    478
    173
    geek
    USA
    Wouldn't the thief have to know your contacts to use the voice action?

    Would they know to press it, and then voice dial "Johnny Appleseed" and see what the response is? They'd have to know your contacts to even make this work.

    Pretty limited weakness, if any.
     
  8. barakaspeed

    barakaspeed Member
    5

    Oct 12, 2010
    5
    0
    5
    I use Tasker, and I believe I can create something in it that can handle the suggestion you made. I'm not worried, I just feel it's a flaw, albeit a small one, that should still be fixed to keep Android as a whole as a reputable and solid platform.




    It is a minor flaw, I agree with you, but still one worth fixing in my opinion. True, they'd have to know contact entries in order to call them, but someone could make fraudulent and potentially costly calls (depending on your calling plan) to any number, as long as they voice dial by number. I feel this is grounds enough for Motorola to patch this.
     
  9. AndroidSPCS

    AndroidSPCS Well-Known Member
    173

    Nov 12, 2009
    3,222
    478
    173
    geek
    USA
    Maybe it could be made as an option. Those who want to voice dial with lock screen on can do so, those who don't can turn off this option.
     
  10. barakaspeed

    barakaspeed Member
    5

    Oct 12, 2010
    5
    0
    5
    I'd be down with that :) .. now Moto just needs to act on this.
     
  11. cableguynoe

    cableguynoe Well-Known Member
    163

    Mar 30, 2010
    2,030
    264
    163
    I'm a cableguy....really
    Monterey, CA
    Btw, welcome to the forum Barakaspeed! :)
     

Share This Page

Loading...