CyanogenMod found logging Android unlock swipe gestures
Posted on 24 October 2012.
CyanogenMod, one of the most popular modified Android firmware on the market, has been found containing code that logs the swipe gestures used by the users to unlock their device.

The offending line of code has been discovered by Gabriel Castro, a developer attached to the CyanogenMod project, and has apparently been added to the firmware source code in August, when un update that made the default grid format for lockscreen gestures configurable.

The unlock pattern was stored directly on the device, but the good news is that the flaw cannot be exploited in extensive attacks. To access the information, an attacker must first gain physical access to the device or its backup.

Still, that leaves plenty of room for exploitation by malicious friends or co-workers, or jealous partners.

According to Castro, the issue can be easily fixed by commenting the code out or just removing the line, and the firmware will not be affected at all.

The project reacted promptly by removing the line in question and pushing out an update that CyanogenMod users are advised to implement as soon as possible.

"The line of code has been introduced by a respectable member of the Cyanogen community and I don't suspect it has been added with malicious intent," Bogdan Botezatu, senior e-threat analyst at Bitdefender, commented for Infoworld. "Most probably, it is a snippet of code used during debugging and forgotten when committing the code."






Spotlight

Fake "Online Ebola Alert Tool" delivers Trojan

Posted on 29 October 2014.  |  Cyber scammers continue to take advantage of the fear and apprehension surrounding the proliferation of the Ebola virus.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //