On Tue, Sep 14, 2010 at 2:27 PM, Sven Aluoor <[email protected]> wrote: > Is "pattern security lock" more secure than a strong 4 characters PIN > (I used it on iPhone)?
sven, i haven't seen any serious analysis of android's "pattern" password scheme but your question made me think of this story: http://phandroid.com/2010/01/11/motorola-droid-lock-screen-flaw-allows-full-phone-entry/ the story and comments refer to three interesting vulnerabilities: 1. hitting "back" on android during an incoming call grants access to the home screen (fixed by now i'm sure) 2. cancelling an "emergency" (e.g. 911) call on blackberry dismisses the password prompt (unconfirmed, from the comments) 3. emulating a "multimedia cradle" by placing a small magnet near the back of an android will unlock it (unconfirmed, from the comments) lastly, i've seen a friend's up-to-date blackberry fail to obscure his password as he types it under a certain condition. because smartphones are relatively new technology i suspect that many such trivial password-bypass vulnerabilities remain. an aside for the software engineers: pc-based screensavers have had a bumpy ride too. jamie zawinski (jwz) of netscape/xemacs fame wrote xscreensaver. it's the default screensaver on many of the big linux distributions. he wrote some insightful notes on the practical application of 'the principle of least privilege' in the *nix world at http://www.jwz.org/xscreensaver/versus-xlock.html take it easy, -tyler -- "Perfection is achieved, not when there is nothing left to add, but when there is nothing left to remove." - Antoine de Saint-Exupéry _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
