mailing list archives
Access vulnerability on Android tablet
From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade () shaw ca>
Date: Tue, 3 Dec 2013 12:50:01 -0800
I made my first ever "Black Friday" purchase last week. Staples (for those outside
North America, this is a "big box" office supplies store with a large computer and
tech section) had a door-crasher special of a Digital2 brand 7" tablet, running
Android 4.1, marked down from $250 to $70. We had to go past a Staples on an
errand, so I stopped in and got it.
I don't quite regret getting it: particular at that price it is probably worth it. I may
do a review of its shortcomings at some point. (Low memory, poor storage
management, slow performance, limited battery, incompatible with some apps,
poor file management options, many functions irregular.) However, I came across
something this morning that indicates a weakness.
One of the oddities is that there is no indication of charging or battery unless the
tablet is on. So, while charging, I had the tablet on to check the battery level.
The indicator icons are on the lower right of the screen on this model, and, in
order to get more details on the charge, I touched that area. But I had forgotten
to unlock the device.
Lo and behold, it brought up the quick indicator list anyway, and, along with it, the
notifications. Prodding at this, I found that I couldn't get into the settings menu
proper, but I could access any of the notification messages. And, once into any of
those apps I had full access.
(This sounds similar to a number of lock-screen vulnerabilities that I've heard of
on various Android and iOS versions and devices, but it seemed to be simpler and
more direct than most.)
====================== (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca slade () victoria tc ca rslade () computercrime org
My son is not brilliant; he's not genius. Anyone that has any
computer knowledge could have done what Jeff did. It doesn't take
a level of genius to do this.
- mother of teen charged with modifying a virus - got *that* right
Fun and Misc security discussion for OT posts.
Note: funsec is a public and open mailing list.
- Access vulnerability on Android tablet Rob, grandpa of Ryan, Trevor, Devon & Hannah (Dec 03)