Push The Button, Max*: Droid Security Flaw Uncovered


A few days ago, we showed you how to connect an unlocked Nexus One to AT&T's network. When we got to the Android OS security screen (which eschewed the usual PIN entry for a dot-pattern entry page), we said at the time, "We like that feature."

Um…maybe not so much now.

A security bug has been discovered in the Verizon-branded Motorola Droid that could allow hackers to bypass the security screen entirely.  Normally, when the phone is locked, you are expected to key in the correct dot pattern to unlock the phone.  Not so if there's an incoming call: when you get the security screen prompt, tapping the "Back" icon returns you to the home screen — and gives you access to EVERYTHING on the phone.

Note that so far, the bug has only been uncovered on Droids running Android OS v2.0.1 (which is still a lot of Android phones); the new Nexus One, which runs the current v2.1, has not been tested for this flaw yet.  Google says they're aware of the flaw, and are working on a fix even as we speak.

(*Oh, and in case you didn't get the joke in the article title and graphic: in The Great Race (1965), Jack Lemmon's dastardly villain Professor Fate was constantly telling his flunky Max (Peter Falk) to "push the button" on their rococo race car and, in true Wile E. Coyote fashion, each push of the button would cause a bigger and bigger catastrophe…)

[Via The Assurer]

About Dactyl Anapest
