ubuntu-phone team mailing list archive

[Michal Suchanek <hramrach@xxxxxxxxx>]

On 12 June 2015 at 13:15, Michi Henning <michi.henning@xxxxxxxxxxxxx> wrote:
>> > Sorry, but I keep thinking that if anyone who found a device which
>> > is locked by a passcode, but SIM signed in, can accept any incoming
>> > call, that this is a security issue.
>
>
> Yeah, happens all the time, dunnit? Bad guy walks past just as the phone
> rings unattended, picks up the call, says "hello, who's there? Could you
> please tell me some compromising information about the owner of this phone?
> Name and bank details would be good."
>
> That really is a serious security issue. We should immediately require
> 6-digit codes (at the very least) whenever the phone rings. Or, preferably,
> a pass-phrase. Because I'm totally happy to enter a lengthy password every
> time my phone rings. After all, I so enjoy the feeling of security that
> gives me. Never mind the occasional missed call because I couldn't get the
> password in quickly enough…
>

It's your preference. That does not mean that different people cannot
have different preferences. There is no need to ridicule them because
they use the device in different way than you do. Opensource is about
choice so if it's not too difficult to add an option to require a code
to pick up a call somebody might implement it and that completely does
not hinder your option to pick up calls without entering a code. There
are even some relatively practical authentication methods like reading
a fingerprint or an RFID.

Besides, it's been pointed out that there is even better security than
that passphrase you propose here. Sometimes the slider required to
pick up the call is missing.

Thanks

Michal