• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

SECURITY FLAW! Google Voice Actions usable on lock screen!

barakaspeed

Lurker
Oct 12, 2010
5
0
I just noticed yesterday accidentally that you can press and hold the search button on the lock screen and perform anything Google Voice Actions is capable of. I am using a Droid 2 unrooted. This may affect the Droid X as well.

This is a huge security flaw in Motorola's modified pattern/PIN lock screen. Hopefully this thread garnishes enough attention so that this can be patched soon!


Steps to reproduce:

1. Lock your screen
2. Press and hold the search button "magnifying glass"
3. Speak any voice action and the phone will respond. Note: you will not get any visual or audible cues (in Google Voice Actions) that it is working, but it is!
 
How do you know it's working if you don't get any visual or audio cues?

I guess I should have stated no visual or audo cues for Google Voice Actions, but you will see the phone make phone calls or send a text message.

Try it, say Call XXX-XXXX and it will dial it and the call screen appears. (if not, then Google Voice Action probably didn't understand what you said, so it's important to speak clearly to fully test this)
 
Upvote 0
hmmm........ while I agree its a potential security flaw....... because the lockscreen is so secure and difficult to get around....

however I suppose it was probably intended to work even with the screen locked..... since theres really no point in having voice actions if you have to take a ton of steps to get there......... driving in your car with phone locked..... reach over press one button and go..... seems like it may have been intentional

just my 2 cents

btw IMO vlingo is loads better than google voice actions
 
Upvote 0
hmmm........ while I agree its a potential security flaw....... because the lockscreen is so secure and difficult to get around....

however I suppose it was probably intended to work even with the screen locked..... since theres really no point in having voice actions if you have to take a ton of steps to get there......... driving in your car with phone locked..... reach over press one button and go..... seems like it may have been intentional

just my 2 cents

btw IMO vlingo is loads better than google voice actions

If it was intentional, then I would expect it to be occurring on other manufacturers and builds of android. Droid 1 is not affected which uses google's original implementation of the lock screen. I suspect Droid X is affected, but only can confirm on my Droid 2.

Doesn't anyone else feel as I do? I've unfortunately been getting the same response from other forums. If it's a feature, shouldn't it have a way to turn it off? I feel, that if my phone got into the hands of the wrong person, I'd hope they'd have no means of interacting with my phone.
 
Upvote 0
There is a security app that will delete all your contact and other information if ur phone is stolen. You can delete everything from your computer.
Maybe something like that would put you at ease about the d2's lack of security?

I use Tasker, and I believe I can create something in it that can handle the suggestion you made. I'm not worried, I just feel it's a flaw, albeit a small one, that should still be fixed to keep Android as a whole as a reputable and solid platform.



Wouldn't the thief have to know your contacts to use the voice action?

Would they know to press it, and then voice dial "Johnny Appleseed" and see what the response is? They'd have to know your contacts to even make this work.

Pretty limited weakness, if any.


It is a minor flaw, I agree with you, but still one worth fixing in my opinion. True, they'd have to know contact entries in order to call them, but someone could make fraudulent and potentially costly calls (depending on your calling plan) to any number, as long as they voice dial by number. I feel this is grounds enough for Motorola to patch this.
 
Upvote 0

BEST TECH IN 2023

We've been tracking upcoming products and ranking the best tech since 2007. Thanks for trusting our opinion: we get rewarded through affiliate links that earn us a commission and we invite you to learn more about us.

Smartphones