Motorola DROID Comes with Android 2.0.1 Security Flaw

Motorola DROID, one of the most popular Android-based handsets available on the market today, is said to come around with a security flaw, which is included in the Android 2.0.1 code. As many of you might already know, the handset comes with a pattern lock screen, and it seems that the issue allows for the pattern lock screen to be bypassed nice and easily. In other words, that “pattern” of four to nine dots, which can offer a number of more than 350,000 possible combinations, is not as secure as previously believed.

“It has been observed that on other Android phones, if you try to access any applications or data, while the incoming call is in progress, you will be asked for the unlock pattern. However, on the Droid, if you select the “Back” icon during the call you are taken to the “Home” screen without being asked for the unlock pattern. Once you are at the Droid’s “Home” screen, you have full access to all applications and data; for as long as the incoming call is in progress, and you do not select the “Home” icon. When the call ends, or you select the “Home” icon, the Droid asks you to enter the unlock pattern,” a recent article on theassurer states.

When the phone is locked, one would have to introduce the unlock pattern so as to have access to applications and data on the handset. However, this does not apply to answering phone calls too, it seems; yet, with the DROID things are a little different. During a call, one can access all apps and data on the device through simply selecting the back icon. According to theassurer, anyone with physical access to the handset can exploit the issue, provided that he/she knows the phone number so as to call the device.

The access to the phone is said to be limited to the duration of the call, for the unlock sequence or Google account information will have to be entered when the conversation is over. However, it seems that it is also possible to create a new Google account while exploiting the flaw, which means that one will be able to enter the new credentials and gain full access to the device. “We are aware of the issue and we’re working to deliver a fix to Motorola Droids shortly,” is what Google had to say on the matter, reports techcrunch.