I've highlighted the feature installed @ lockscreen that I want to remove. As you can see, there is a "button" to start the Google voice search.
The simple question -- HOW TO remove the voice search @ lock screen?
Thanks for the reply - therefore we've got a really big security issue now.
Hi @TurmaGW,
Welcome to the community.
If you have a PIN code on your phone you will still have to enter it before you can access either the voice search or contacts. There should not be any security issues with this.
Clear, but I could start an application via voice command - and at the moment I enter the phone the application will instantly be started ... some lack of security, because I couldn't prevent the start anymore.
Hi there,
I have posted this issue @ Google already. The security team gathered and tested the case @ Nexus device and could NOT reproduce the test case here.
Copy and paste from Google:
------------------ snip ---------------
@ Lockscreen for an Android 6.0.1 cellphone I've found that the left symbol is the voice search for items on the net and also for activating local functions via "ok google start [APPNAME/LINNAME]"
I've investigated this function @ Sony Xperia Z3 with Android 6.0.1 installed, Base 8974-AAAAANAZQ-00109-57, Kernel 3.4.0-perf-g3189667, Build 23.5.A.0.570.
The cellphone IS NOT a rooted device. It works as provided by Sony.
Test case:
1) Security for Unlock via Pin / Pattern Unlock is activated.
2) Screen Lock Time = 30 Seconds
3) All Applications -- STOPPED / Terminated --
4) Lock the Phone
5.0) Start the Phone again to Lockscreen
5.1) Choose the Voice Search Button ( See attached Screenshot_2016-04-29-15-37-58.jpg )
5.2) Say "Ok Google RUN | ApplicationName OR LINK and so on.... |
5.3) Application is started @ the current logon User
5.4) Reactivate Phone and go through Pin and/or Pattern Unlock
5.5) After successful logon the chosen application via "Ok-Google + Run Appname" is started - instantly - without the possibility to stop the process
To illustrate the process I've attached the "overview.png" image file:
1) Using voice search
2) run an app
3) login
4) Google instantly starts app
5) app is started
This could be good, but this could also be used to use the "bad" software from "outside" the login mechanism of Google.
If you have enabled TalkBack and use "öffne SMS" ("open SMS") you will also capture two-factor auth. from banking that sends an SMS to transfer a TAN to you.
This isn't quite a clear hack, because you "only" use the mechanism of Google voice search + Google "ok google" commands. It is a starter for using different attacks.
I've also confirmed opening LINKS (stored before from the Chrome browser) and I've opened the pages after using voice @ lockscreen. There are multiple scenarios conceivable.
In my humble opinion this should be fixed ASAP so the voice search is, in normal state, deactivated and only reachable after the login process.
In all, every application could be run with this method. And so every level (from a simple app with no rights up to a root application) could be started. Combined with scripting and startup parameters this could be quite a big security impact @ a phone.
Also, well-prepared pages are a good entry point to go on @ the "hack".
----------- snip ------------
To understand the issue I've attached the screenshots:
Overview of how it works:
https://drive.google.com/open?id=0B4CWpS0WY7GUMGRCTnU5OHl3c2s
Action said with "Ok Google" into the voice search located @ the lockscreen - phone is NOT UNLOCKED! - (I've taken the screenshot in unlocked mode, because I was not able to take a screenshot @ lockscreen while using "Ok Google")
https://drive.google.com/open?id=0B4CWpS0WY7GUVGtoWjNPU0dlblU
Action taken DIRECTLY / INSTANTLY after unlocking the phone: https://drive.google.com/open?id=0B4CWpS0WY7GUcVlkUDk1VVAwMlE
With this method some attackers could install an app - and then a simple voice command is enough to run software directly after logon. No big case, but it could be a big problem when TalkBack is activated and you use the phone for e.g. banking 2-factor auth.