PaulDotCom mailing list archives
Re: Android: pattern security lock vs. 4 characters PIN from a security side
From: Tyler Oderkirk <tyl.erod.e.rkirk () gmail com>
Date: Wed, 15 Sep 2010 22:16:28 -0400
On Tue, Sep 14, 2010 at 2:27 PM, Sven Aluoor <aluoor () gmail com> wrote:
Is "pattern security lock" more secure than a strong 4 characters PIN (I used it on iPhone)?
sven, i haven't seen any serious analysis of android's "pattern" password scheme but your question made me think of this story: http://phandroid.com/2010/01/11/motorola-droid-lock-screen-flaw-allows-full-phone-entry/ the story and comments refer to three interesting vulnerabilities: 1. hitting "back" on android during an incoming call grants access to the home screen (fixed by now i'm sure) 2. cancelling an "emergency" (e.g. 911) call on blackberry dismisses the password prompt (unconfirmed, from the comments) 3. emulating a "multimedia cradle" by placing a small magnet near the back of an android will unlock it (unconfirmed, from the comments) lastly, i've seen a friend's up-to-date blackberry fail to obscure his password as he types it under a certain condition. because smartphones are relatively new technology i suspect that many such trivial password-bypass vulnerabilities remain. an aside for the software engineers: pc-based screensavers have had a bumpy ride too. jamie zawinski (jwz) of netscape/xemacs fame wrote xscreensaver. it's the default screensaver on many of the big linux distributions. he wrote some insightful notes on the practical application of 'the principle of least privilege' in the *nix world at http://www.jwz.org/xscreensaver/versus-xlock.html take it easy, -tyler -- "Perfection is achieved, not when there is nothing left to add, but when there is nothing left to remove." - Antoine de Saint-Exupéry _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- Android: pattern security lock vs. 4 characters PIN from a security side Sven Aluoor (Sep 14)
- Re: Android: pattern security lock vs. 4 characters PIN from a security side Brian H (Sep 14)
- Re: Android: pattern security lock vs. 4 characters PIN from a security side Don Seymour (Sep 14)
- Re: Android: pattern security lock vs. 4 characters PIN from a security side Michael Salmon (Sep 14)
- Re: Android: pattern security lock vs. 4 characters PIN from a security side Michael Miller (Sep 14)
- Re: Android: pattern security lock vs. 4 characters PIN from a security side Dave (Sep 14)
- Re: Android: pattern security lock vs. 4 characters PIN from a security side Champ Clark III [Softwink] (Sep 14)
- Re: Android: pattern security lock vs. 4 characters PIN from a security side Michael Miller (Sep 16)
- Re: Android: pattern security lock vs. 4 characters PIN from a security side Dave (Sep 14)
- Re: Android: pattern security lock vs. 4 characters PIN from a security side Brian H (Sep 14)
- Re: Android: pattern security lock vs. 4 characters PIN from a security side Anthony Miracle (Sep 15)
- Re: Android: pattern security lock vs. 4 characters PIN from a security side Sven Aluoor (Sep 16)
- Re: Android: pattern security lock vs. 4 characters PIN from a security side Tyler Oderkirk (Sep 16)