A tale of two unlocks

Bypassing phone lock screens seems to be the story of the day: first, access to the phone book and photos of an up-to-date iPhone:

By locking the device and enabling the Voice Control feature, it is possible to circumvent the lock screen by ejecting the SIM card from its tray at the moment the device starts dialing.
From here, the phone application remains open, allowing access to recent call logs, contacts, and voicemail (if it isn't protected by a separate PIN code). But also from here, photos and video can also be accessed by creating a new contact. When a new contact is created, it opens up access to the photos application — including Camera Roll and Photo Stream.
Note that the iOS version tested (6.1.3) is the release which fixes the previous unlock screen exploit. One wonders how many more of these exploits are going to come around.

This bug is limited in frequency but severe in impact. Although all modern iOS devices appear to be vulnerable, the actual exploit does not (in general) give a thief much to work with. He apparently can't make calls or send texts with the device, which are the two potentially most expensive acts. Where it does have an impact is in situations where the address book or photo data are regarded as valuable - generally, when the thief knows the iPhone owner or knows they are a friend of someone whose address, phone number or data he wishes to steal. Imagine, for instance, if someone got access to Pippa Middleton's iPhone and used this exploit to read contact information and photos of her family and friends.

But let's not just pile on Apple - Samsung is similarly vulnerable:

From the lock screen, an attacker can enter a fake emergency number to call which momentarily bypasses the lock screen, as before. But if these steps are repeated, the attacker has enough time to go into the Google Play application store and voice search for "no locking" apps, which then disables the lock screen altogether.
From there, the device is left wide open.
The interesting point here is that the vulnerability doesn't appear to be present on "stock" (Google-released) Android 4.1.2 phones - it appears to be peculiar to Samsung devices. That implies to me that in Samsung's effort to pile on their customisations to differentiate themselves from J. Random Other Android device provider, they may have sacrificed something in quality and security testing. Unlike Apple, however, I suspect Samsung don't particularly care. They will certainly care about this flaw (since it makes Samsung leading-edge phones even more attractive to tea leafs who wish to burn up their victims' phone bills) but I don't see them slowing down their development velocity. That's their primary differentiator over Apple - new features and innovation - and there's no way they're going to trade that for slightly improved security. Only if the flaws being discovered have substantial negative impact for the average user (phone crashing all the time, corruption of storage, inability to view videos of cats) will they impact sufficiently on Samsung to change their development direction.
