1. Download our Official Android App: Forums for Android!

General Huge security flaws in 6p

Discussion in 'Android Devices' started by Qais Arsala, Aug 5, 2016.

  1. Qais Arsala

    Qais Arsala Lurker
    Thread Starter
    Rank:
    None
    Points:
    15
    Posts:
    6
    Joined:
    Aug 5, 2016

    Aug 5, 2016
    6
    0
    15
    Male
    Folsom, CA
    My 10 and 12 year old figured out in 5 minutes how to bypass fingerprint security and get into my device. I called Google 855 customer service number and the rep didn't take it seriously and told me that he will put it in his notes.
     

    Advertisement

  2. Vamp07

    Vamp07 Newbie
    Rank:
    None
    Points:
    16
    Posts:
    22
    Joined:
    Jun 19, 2010

    Jun 19, 2010
    22
    9
    16
    Mine just ate a whole box of cookies.
     
    CyberZeus and Qais Arsala like this.
  3. Qais Arsala

    Qais Arsala Lurker
    Thread Starter
    Rank:
    None
    Points:
    15
    Posts:
    6
    Joined:
    Aug 5, 2016

    Aug 5, 2016
    6
    0
    15
    Male
    Folsom, CA




    Here's the link to it
     
  4. Rxpert83

    Rxpert83 Dr. Feelgood
    Rank:
     #12
    Points:
    1,953
    Posts:
    17,922
    Joined:
    Aug 30, 2011

    Aug 30, 2011
    17,922
    13,145
    1,953
    Male
    Graduate Student
    MN
    It looks like you have trusted voice on.
     
    codesplice likes this.
  5. Qais Arsala

    Qais Arsala Lurker
    Thread Starter
    Rank:
    None
    Points:
    15
    Posts:
    6
    Joined:
    Aug 5, 2016

    Aug 5, 2016
    6
    0
    15
    Male
    Folsom, CA
    I don't let them touch my device. I allowed one time and they figured it out.
     
  6. Qais Arsala

    Qais Arsala Lurker
    Thread Starter
    Rank:
    None
    Points:
    15
    Posts:
    6
    Joined:
    Aug 5, 2016

    Aug 5, 2016
    6
    0
    15
    Male
    Folsom, CA
  7. Vamp07

    Vamp07 Newbie
    Rank:
    None
    Points:
    16
    Posts:
    22
    Joined:
    Jun 19, 2010

    Jun 19, 2010
    22
    9
    16
    Their voices have been set up to unlock the phone. Where is the security flaw?
     
  8. Qais Arsala

    Qais Arsala Lurker
    Thread Starter
    Rank:
    None
    Points:
    15
    Posts:
    6
    Joined:
    Aug 5, 2016

    Aug 5, 2016
    6
    0
    15
    Male
    Folsom, CA
    I just got my nexus so I don't have trusted voice on as a default setting
    BTW, where is trusted voice in the settings?
     
    #8 Qais Arsala, Aug 6, 2016
    Last edited: Aug 6, 2016
  9. Qais Arsala

    Qais Arsala Lurker
    Thread Starter
    Rank:
    None
    Points:
    15
    Posts:
    6
    Joined:
    Aug 5, 2016

    Aug 5, 2016
    6
    0
    15
    Male
    Folsom, CA
    BTW you HAVE to say OK Google you can't just tap the mic icon.
     
  10. codesplice

    codesplice Elite Recognized Moderator
    Moderator
    Rank:
     #14
    Points:
    1,563
    Posts:
    8,801
    Joined:
    Oct 29, 2013

    Oct 29, 2013
    8,801
    10,185
    1,563
    Male
    SysAdmin
    Huntsville, AL
    Settings > Security > Smart Lock > Trusted Voice.

    This ties in to the Always On "Ok Google" detection (Google app > Menu > Settings > Voice > "Ok Google detection).

    That is where you train your phone to recognize your voice. It then listens for you to say "Ok Google" to automatically bypass the lockscreen.

    You can read more about this feature here.

    During the setup of that feature, you get a popup warning that someone with a voice similar to yours (like your son) may be able to bypass the lockscreen as well.

    Smart Lock is just another instance of balancing security versus convenience. Google created Smart Lock (and implemented native support for fingerprint-based authentication) in response to the worrying number of people who didn't secure their phones with a simple lockscreen passcode.

    Smart Lock makes it easier for lazy people to have a bit of extra security without causing excess inconvenience when using their device.

    All of the Smart Lock features warn that their use will not necessarily be as secure as simply requiring a PIN to be entered every time:
    • On-Body detection could be bypassed if a thief swiped your phone from your pocket
    • Trusted Places means that anyone also in your trusted place (home, office) would have full access to your phone
    • Trusted Devices could be defeated by a thief taking both your phone and your paired Bluetooth device (smartwatch, headphones, etc)
    • Trusted Face could be tricked by someone who looks like you
    • and Trusted Voice, as you've discovered, could be bypassed by someone who sounds like you.
    While convenience features like Smart Lock aren't going to be as secure as requiring a PIN or complex password each time you unlock your device, they're still much more secure than no lockscreen security at all. That's the demographic of users that Google was targeting. :)
     
    #10 codesplice, Aug 8, 2016
    Last edited: Aug 8, 2016
  11. Rxpert83

    Rxpert83 Dr. Feelgood
    Rank:
     #12
    Points:
    1,953
    Posts:
    17,922
    Joined:
    Aug 30, 2011

    Aug 30, 2011
    17,922
    13,145
    1,953
    Male
    Graduate Student
    MN
    Please check your security settings and tell us if trusted voice is on. I'm 99% sure thats it. If so, thats not a security flaw, thats the user trading some security for ease of use.
     
    #11 Rxpert83, Aug 8, 2016
    Last edited: Aug 8, 2016
    codesplice likes this.

Nexus 6P

The Nexus 6P is a Huawei made Android Smartphone that would be come the last Nexus device before the launch of Google's Pixel line of phones.
Tags:

Share This Page

Loading...