1. Download our Official Android App: Forums for Android!

Rather large security hole in Touchdown?

Discussion in 'Android Apps & Games' started by magnavita, Nov 21, 2009.

  1. magnavita

    magnavita Lurker
    Thread Starter
    Rank:
    None
    Points:
    5
    Posts:
    1
    Joined:
    Nov 21, 2009

    Nov 21, 2009
    1
    0
    5
    I think I stumbled upon a rather large security hole in Touchdown and its pin entry.

    I have a myTouch with the latest apps and patches on it. Nothing fancy, not rooted.

    If, when you get to the pin entry dialog in Touchdown, you simply switch to the phone app, then use the Back button (or Home, then Back...haven't done extensive testing), you're presented your Touchdown home - no pin entry blocking you, even after a fresh powerup.

    Is this sort of a known hack around these pin-style apps? Or is this a problem with the way Touchdown's pin entry works?

    Either way, a note to the developers is probably warranted? These days, IT depts are getting more and more secure-conscious with powerful phones like this, and may be upset to know that emails and contacts are as insecure as this. It was suggested by my IT dept that I purchase Touchdown a few months ago, and it works great, but this makes me worry.
     

    Advertisement

  2. Rongo

    Rongo Lurker
    Rank:
    None
    Points:
    5
    Posts:
    4
    Joined:
    Feb 17, 2010

    Feb 17, 2010
    4
    0
    5
    Outside of Seattle, WA USA
    can this be reproed over and over?

    We've tried this on a couple devices and haven't been able to make this happen.

    this is a stock ROM, not rooted device, correct?

    Would you please send a mail to support@nitrodesk.com so our support folks can walk you through generating a diagnostics log so that we can see what's happening on your device.

    Thanks!

    Ron
     
  3. stevenlong

    stevenlong Well-Known Member
    Rank:
    None
    Points:
    58
    Posts:
    211
    Joined:
    Nov 13, 2009

    Nov 13, 2009
    211
    11
    58
    Computer Programmer
    Austin, TX
    I can't get this to happen on my dell streak.

    I have noticed that the pin is cached, or there is some time out value associated with when you enter the pin so that if I return to touchdown with a short period of time I will not get the prompt for a pin.
     
  4. Rongo

    Rongo Lurker
    Rank:
    None
    Points:
    5
    Posts:
    4
    Joined:
    Feb 17, 2010

    Feb 17, 2010
    4
    0
    5
    Outside of Seattle, WA USA
    right....that's a "time-out" setting that's pushed form Exchange. they admin can say that it will only require the PIN if it's been more than 2 minutes since the data was last accessed, etc.

    if anyone else can test the above scenario and report back, please do and let me know what type of device and what version of Android.


    Thanks!
     
  5. AngryHatter

    AngryHatter Android Expert
    Rank:
    None
    Points:
    78
    Posts:
    973
    Joined:
    Jan 21, 2011

    Jan 21, 2011
    973
    92
    78
    QA Admin
    SoCal
    The post is 2 years old?
     
  6. Yeahha

    Yeahha Usually off topic
    Rank:
    None
    Points:
    813
    Posts:
    10,472
    Joined:
    Jul 29, 2010

    Jul 29, 2010
    10,472
    4,693
    813
    ...
    FG

    We know the devs over at touchdown are on top of their game scouring forums feedback on their app
     
  7. Rongo

    Rongo Lurker
    Rank:
    None
    Points:
    5
    Posts:
    4
    Joined:
    Feb 17, 2010

    Feb 17, 2010
    4
    0
    5
    Outside of Seattle, WA USA
    yes, it is old, but we had another user report the issue today and referenced this article.

    It's been fixed long ago but we just want to be sure. too many folks are relying on TouchDown to leave anything to chance.
     

Share This Page

Loading...