Motorola DROID 2 security flaw allows Voice Actions from passcode-protected state

By on Oct 15, 2010 at 4:01 PM
Exclusive October 15, 2010

One of our astute readers let us know about a bug that appears to be present in all stock, unrooted, Motorola DROID 2s (and potentially other Android 2.2 devices with BLUR). The bug allows users to execute Google Voice Actions on their device even when the handset is locked and a passcode is activated. With your DROID 2 locked, and the passcode prompt on the screen, holding the “search” softkey or keyboard-key for four seconds will — without giving the user any feedback — still trigger Google’s Voice Actions. Speaking: “Call 555-555-1234″ or “Call Home” will actually make your DROID 2 do just that (assuming “home” is in your phonebook). We couldn’t make our Nexus One or Captivate replicate the issue, so we’re assuming it is a Motorola/BLUR specific issue. Anyone out there with a DROID X running Android 2.2 able to get their handset to do the same? We’ve reached out to Motorola for comment and will update the post as soon as we hear back. There is a short video demonstrating the issue after the break.

Tags:
, , , , , , , , , ,
87 Comments

Related Articles

  • barakaspeed

    Looking forward to the fix!

  • Stefan`

    I have the DX w/froyo and the voice commands dont work when locked so i think it probably just a bad app someone must of downloaded causing the security flaw…

  • Normz

    Works on droidX!!

  • RT @jimmyontheradio

    Figures. Droid doesn’t.

  • mycackisbigrthanyrs

    norm droids are for cheap ass ” poor ” people that live in their parents house and jerk off on the internet… iphones are for us adults with real jobs ( being a clerk at a vzw store in the mall does not count )

    Posted from BGR Mobile (iPhone).

    • stuffyeriphone

      Oh, come on, Mycack. Everyone knows that iphone users like you that belittle the Droid people get office jobs so that no one can see them whacking off when they are sitting behing their desk.

  • Davis

    The title and stuff are a little misleading. I thought that the “flaw” here was that you could make voice commands while the phone is locked (a FEATURE that BB and iPhones also have), but the issue is that you can then switch to other apps on the phone bypassing the code.

  • http://www.worsttech.com Mansoor

    Looking forward for the fix. Please bring it on!

  • !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!ha

    im going to mess with my friends phone and tell him that i hacked his phone in 10 seconds

  • Nope

    Cant duplicate on X

  • John

    The same applies for a locked/protected iphone. I just tried it on mine

  • David Steeve

    Well, this could be the only case that we know about . Before we point the finger and say this phone has privacy issues, phone “B” could be as bad.

  • http://none KGB

    Could not duplicate on password protected D2, not rooted, running 2.2.

  • nerdo

    I have the solution

    function initVoice{

    if (phoneStatus.isLocked){
    abort();
    }else{
    //do stuff
    }

    }

  • AC

    This is not the droid I’m looking for.

1 2
blog comments powered by Disqus