There have been several reports today of a security hole in the Motorola Droid phone. I was surprised that, at least according to some reports, the pattern lock, which protects the phone much like a computer password, could be breached. Apparently, during an incoming call a thief could break into your phone by pushing the “dedicated back button” on the Droid phone.
Curious, I tried to replicate the breach.
I locked my Droid, then called myself using a landline.
The phone rang, and the caller ID information came up on the display. I immediately pressed the back button. Nothing happened. The phone kept ringing. So I tried holding the back button, then repeatedly pressed it. Again, nothing happened.
I hung up the call, and tried to keep pressing the back button. The phone still showed the lock pattern screen and I could not gain access.
From what I can tell, Motorola may have admitted that there is a security flaw. This is unconfirmed (but I could be wrong).
But I cannot duplicate the hack people are talking about today on the Web. I might be doing something wrong, and will keep looking into this story. If there is a hole, Motorola should get an OTA fix pronto. Then again, I’m dubious about the claim, although just because I can’t duplicate the issue doesn’t mean the report is not true.
[Source: Gizmodo, Droid Security Flaw Puts Your Personal Information at Risk]
Update: It’s a flaw. I was able to replicate it easily. I missed an easy step, which is to actually answer the incoming call, then press the back button. Yes, it does give you access to the entire phone’s contents. Obviously not good. We’ll see how long it takes Motorola/Verizon to fix the security issue. You’d think they would have tested this first, no? Apparently this only impacts Android 2.0.1 devices (such as the Droid), so Nexus One is possibly not at risk.