[phone-app] bypass lock on shell possible
Bug #1375513 reported by kevin gunn
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Ubuntu UX | Fix Released | Critical | Olga Kemmet |
dialer-app | Fix Released | Critical | Renato Araujo Oliveira Filho |
dialer-app (Ubuntu) | Fix Released | Undecided | Unassigned |
unity8 (Ubuntu) | Invalid | Critical | Michael Terry |
Bug Description
from a private bug 1374773
With the "Recent" option in the dialer in emergency call mode it's possible to get to the task switcher, app scope
Steps to reproduce
1. Set a passcode
2. Swipe away welcome screen
3. Tap 'emergency call' - phone opens
4. Swipe "Recent" bottom edge up
5. Swipe a contact left, choose message (screen locks, wait for osk)
6. Swipe away osk
7. Tap 'emergency call' - phone opens again to 'recent'
8. Swipe left a person, tap person icon (screen locks)
9. Tap 'emergency call'
10. Swipe in from right of screen, observe multiple apps, and you can pick any of them.
This bypasses screen lock.
Related branches
lp:~renatofilho/address-book-app/fix-1375513
- Gustavo Pichorim Boiko (community): Approve
- Bill Filler (community): Approve
- PS Jenkins bot: Approve (continuous-integration)
- Diff: 28 lines (+3/-1), 1 file modified
  - src/imports/Ubuntu/Contacts/PageWithBottomEdge.qml (+3/-1)
lp:~renatofilho/address-book-app/release-30-09-2014
- Bill Filler (community): Approve
- PS Jenkins bot: Approve (continuous-integration)
- Diff: 220 lines (+29/-20), 6 files modified
  - data/address-book-app.desktop.in.in (+2/-0)
  - po/address-book-app.pot (+18/-17)
  - src/imports/ContactEdit/ContactDetailAvatarEditor.qml (+3/-0)
  - src/imports/ContactEdit/ContactEditor.qml (+2/-1)
  - src/imports/ContactView/ContactFetchError.qml (+1/-1)
  - src/imports/Ubuntu/Contacts/PageWithBottomEdge.qml (+3/-1)
Changed in dialer-app: assignee: nobody → Gustavo Pichorim Boiko (boiko)
Changed in dialer-app: assignee: Gustavo Pichorim Boiko (boiko) → Renato Araujo Oliveira Filho (renatofilho)
Changed in dialer-app: status: New → In Progress
Changed in ubuntu-ux: status: Confirmed → Triaged
Changed in dialer-app: status: In Progress → Fix Released
Changed in unity8 (Ubuntu): status: Incomplete → Invalid
Changed in ubuntu-ux: status: Triaged → Fix Committed
Changed in dialer-app (Ubuntu): status: New → Fix Released
according to mterry 2 things need to happen.
1) dialer app shouldn't allow those features in a locked mode
2) shell should have an extra measure to prevent the exploit