- Dec 6, 2011
I use the lock pattern to access my phone for a bit of added protection, but there is very little protection in this. What I've found is that, either due to Sense 3.5 or a full factory-installed version of 2.3, there is a huge hole in the phone lock. If I get a missed call, voice message, or text while the phone is asleep/locked and then press the wake button, I can drag any one of those icons with a count into the ring and that app will open. No lock pattern needed. Once open, you can back out to the home screen, or press the home button, and go on using the phone as if there was no security lock. It doesn't seem to work if there hasn't been any activity.
For those of you who use the screen lock feature, you'll know that there is a timeout feature. For those of you who do not: once you unlock the phone, you can put it to sleep and wake it up without using the lock pattern for 1 to 3 minutes (not sure how long), so if you put the phone to sleep and want to reopen it, you don't have to keep putting in the code if it is under the time. After this timer times out, you again have to use the lock pattern. What I think is happening with this security hole is that the event (missed call, text, voice mail) is interpreted by the phone as activity and begins the timer, but at the same time doesn't disable the lock pattern. If you slide the ring up as you would normally, you are still prompted to enter the lock code, but if you pull an icon with an activity count into the ring, it allows access to that app as though the phone was unlocked.
Something I haven't tried is letting a text or voice mail sit beyond the time and trying to use the icon with an activity count to open the phone. I'll try it and update this post on the results. Not that it matters if all someone has to do is wait for a text or something to come in and then they have full access to your device. Granted, they will lose access once the phone sleeps, but by then who knows what they can do.