Share

Related Links

Related Stories

  • Making money from mobile malware made possible using tromboning
    In the days of dial-up modems, malware authors developed trojans and other black code that dialled premium rate numbers in the background and so generating revenues for their criminal gangs. Today, thanks to the arrival of landline broadband, the process of background premium rate calls – driven by malware – has migrated to mobile phones.
  • UAE close to Blackberry security agreement
    The United Arab Emirates is optimistic about reaching an agreement with Blackberry maker Research In Motion (RIM) over security concerns, according to a top official.
  • Cisco embraces the iPhone – secure corporate mobility at last?
    Cisco has taken the wraps off an iPhone app that supports secure connections to the AnyConnect Secure Mobility Client. The iOS 4.1 compatible client app is, says the networking specialist, aimed at supporting the growing number of business people using the iPhone.
  • Businesses not taking mobile security seriously, says Vodafone
    Most businesses are failing to take security on smartphones as seriously as they do on laptops, says Howard Clegg, head of solution sales, Vodafone UK.
  • Second smartphone trojan hits Android handset platform
    With industry reports suggesting that Google Android could overtake the iPhone's operating system in popularity terms by the end of the year, it seems that hackers are again focussing their attention on the open smartphone operating system.

Top 5 Stories

News

Motorola's next-generation Android handset security is hackable

18 October 2010

Smartphone handset vendor Motorola, which has recently joined the Google Android mobile alliance, has reportedly been rocked by reports that its latest Droid 2 handset has a potentially major security flaw.

The Droid 2 – which is also likely to be released in the UK early next year – is the successor to the Motorola Milestone, aka Droid in the UK, which has been available on the O2 and T-Mobile networks.

The security flaw on the Droid 2 reportedly centres on Google Voice actions, which can be triggered even when the handset is locked and password security activated.

Google Voice is a Google telephony service that gives US users a single personal number and then allows call screening, forwarding and other advanced functions, including automated callbacks triggered across the internet.

There are plans, Infosecurity notes, to launch Google Voice in the UK very shortly.

According to a weekend report on the Softpedia newswire, even in a locked state, when the 'search' softkey – or the keyboard-key –- is pressed for four seconds, Google's 'voice actions' facility is triggered.

"What's more interesting is that the handset won't inform the user in any way that the said option has been enabled", says the newswire.

The problem with this security flaw is that, once activated, the feature then allows chargeable calls to be made using the spoken word, rather than a keyboard interface.

A similar issue, says Softpedia, was spotted on the original Droid/Milestone handset at the start of the year, but was resolved with an over-the-air software update.

"At that time, the handset's pattern lock screen, which was supposed to be active when call was in progress, for example, could have been bypassed through simply hitting the Back button when in a call, a move that would have offered full access to the applications and menus of the device", says the newswire.

Motorola has yet to respond to the reports, but forum postings over the weekend suggest that the handset vendor will soon be aware of the issue, hopefully before US carrier Verizon starts shipping the mobiles later this month.

 

This article is featured in:
Wireless and Mobile Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×