ubuntu-phone team mailing list archive

[Michal Karnicki <michal.karnicki@xxxxxxxxxxxxx>]

On Fri, Jun 12, 2015 at 9:39 AM, Michael Zanetti <
michael.zanetti@xxxxxxxxxxxxx> wrote:

> > Sorry, but I keep thinking that if anyone who found a device which
> > is locked by a passcode, but SIM signed in, can accept any incoming
> > call, that this is a security issue.
>
> I guess I could agree, although, the other end is probably not going
> to give you bank details if the voice isn't what it expects...
>
> ​[...]
>
>
> > And keep in mind, the caller could be the attacker itself to get
> > access to this features on a normaly locked device.
>
> Also keep in mind that an incoming call does not unlock the phone. It
> just puts a stripped down version of the dialer on top of the lockscreen



​Until we have a feature of tracking down/manipulating/wiping a lost
device, showing PIN entry before accepting a call​ would be the worst
imaginable thing we could do. I also completely agree with what had been
said by my colleagues - such security must not come at a cost of expected
usability.

Cheers,
karni


-- 
Software Engineer
Professional and Engineering Services
Canonical Ltd.

Ubuntu - Linux for human beings | www.ubuntu.com