funsec mailing list archives
Access vulnerability on Android tablet
From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade () shaw ca>
Date: Tue, 3 Dec 2013 12:50:01 -0800
I made my first ever "Black Friday" purchase last week. Staples (for those outside North America, this is a "big box" office supplies store with a large computer and tech section) had a door-crasher special of a Digital2 brand 7" tablet, running Android 4.1, marked down from $250 to $70. We had to go past a Staples on an errand, so I stopped in and got it.

I don't quite regret getting it: particularly at that price it is probably worth it. I may do a review of its shortcomings at some point. (Low memory, poor storage management, slow performance, limited battery, incompatible with some apps, poor file management options, many functions irregular.)

However, I came across something this morning that indicates a weakness. One of the oddities is that there is no indication of charging or battery unless the tablet is on. So, while charging, I had the tablet on to check the battery level. The indicator icons are on the lower right of the screen on this model, and, in order to get more details on the charge, I touched that area. But I had forgotten to unlock the device.

https://twitter.com/rslade/status/407966375596929024/photo/1/large

Lo and behold, it brought up the quick indicator list anyway, and, along with it, the notifications. Prodding at this, I found that I couldn't get into the settings menu proper, but I could access any of the notification messages. And, once into any of those apps I had full access.

(This sounds similar to a number of lock-screen vulnerabilities that I've heard of on various Android and iOS versions and devices, but it seemed to be simpler and more direct than most.)

====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
My son is not brilliant; he's not genius. Anyone that has any computer knowledge could have done what Jeff did. It doesn't take a level of genius to do this.
- mother of teen charged with modifying a virus - got *that* right
victoria.tc.ca/techrev/rms.htm
http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade