[phone-app] bypass lock on shell possible
Bug #1375513 reported by
kevin gunn
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Ubuntu UX |
Fix Released
|
Critical
|
Olga Kemmet | ||
| dialer-app |
Fix Released
|
Critical
|
Renato Araujo Oliveira Filho | ||
| dialer-app (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
| unity8 (Ubuntu) |
Invalid
|
Critical
|
Michael Terry | ||
Bug Description
from a private bug 1374773
With the "Recent" option in the dialer in emergency call mode it's possible to get to the task switcher, app scope
Steps to reproduce
1. Set a passcode
2. Swipe away welcome screen
3. Tap 'emergency call' - phone opens
4. Swipe "Recent" bottom edge up
5. Swipe a contact left, choose message (screen locks, wait for osk)
6. Swipe away osk
7. Tap 'emergency call' - phone opens again to 'recent'
8. Swipe left a person, tap person icon (screen locks)
9. Tap 'emergency call'
10. Swipe in from right of screen, observe muliple apps, and you can pick any of them.
This bypasses screen lock.
Related branches
lp://qastaging/~renatofilho/address-book-app/fix-1375513
- Gustavo Pichorim Boiko (community): Approve
- Bill Filler (community): Approve
- PS Jenkins bot: Approve (continuous-integration)
-
Diff: 28 lines (+3/-1)1 file modifiedsrc/imports/Ubuntu/Contacts/PageWithBottomEdge.qml (+3/-1)
lp://qastaging/~renatofilho/address-book-app/release-30-09-2014
- Bill Filler (community): Approve
- PS Jenkins bot: Approve (continuous-integration)
-
Diff: 220 lines (+29/-20)6 files modifieddata/address-book-app.desktop.in.in (+2/-0)
po/address-book-app.pot (+18/-17)
src/imports/ContactEdit/ContactDetailAvatarEditor.qml (+3/-0)
src/imports/ContactEdit/ContactEditor.qml (+2/-1)
src/imports/ContactView/ContactFetchError.qml (+1/-1)
src/imports/Ubuntu/Contacts/PageWithBottomEdge.qml (+3/-1)
Revision history for this message
| kevin gunn (kgunn72) wrote | #1 |
| Changed in dialer-app: | |
| importance: | Undecided → Critical |
| Changed in unity8 (Ubuntu): | |
| importance: | Undecided → Critical |
| tags: | added: rtm14 touch-2014-10-16 |
| Changed in unity8 (Ubuntu): | |
| assignee: | nobody → Michael Terry (mterry) |
| Changed in dialer-app: | |
| assignee: | nobody → Gustavo Pichorim Boiko (boiko) |
Revision history for this message
| Michael Terry (mterry) wrote | #2 |
| Changed in unity8 (Ubuntu): | |
| assignee: | Michael Terry (mterry) → nobody |
| status: | New → Incomplete |
| assignee: | nobody → Michael Terry (mterry) |
| Changed in dialer-app: | |
| assignee: | Gustavo Pichorim Boiko (boiko) → Renato Araujo Oliveira Filho (renatofilho) |
Revision history for this message
| Olga Kemmet (olga-kemmet) wrote | #3 |
| Changed in ubuntu-ux: | |
| assignee: | nobody → Olga Kemmet (olga-kemmet) |
| status: | New → Confirmed |
| importance: | Undecided → Critical |
| summary: |
- bypass lock on shell possible + [phone-app] bypass lock on shell possible |
Revision history for this message
| Alan Pope 🍺🐧🐱 🦄 (popey) wrote | #4 |
Revision history for this message
| Michael Terry (mterry) wrote | #5 |
| Changed in dialer-app: | |
| status: | New → In Progress |
| Changed in ubuntu-ux: | |
| status: | Confirmed → Triaged |
| Changed in dialer-app: | |
| status: | In Progress → Fix Released |
| Changed in unity8 (Ubuntu): | |
| status: | Incomplete → Invalid |
| Changed in ubuntu-ux: | |
| status: | Triaged → Fix Committed |
Revision history for this message
| Olga Kemmet (olga-kemmet) wrote | #6 |
| Changed in ubuntu-ux: | |
| status: | Fix Committed → Fix Released |
| Changed in dialer-app (Ubuntu): | |
| status: | New → Fix Released |
To post a comment you must log in.
according to mterry 2 things need to happen.
1) dialer app shouldn't allow those features in a locked mode
2) shell should have an extra measure to prevent the exploit