• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Rather large security hole in Touchdown?

M

magnavita

Lurker
I think I stumbled upon a rather large security hole in Touchdown and its pin entry.

I have a myTouch with the latest apps and patches on it. Nothing fancy, not rooted.

If, when you get to the pin entry dialog in Touchdown, you simply switch to the phone app, then use the Back button (or Home, then Back...haven't done extensive testing), you're presented your Touchdown home - no pin entry blocking you, even after a fresh powerup.

Is this sort of a known hack around these pin-style apps? Or is this a problem with the way Touchdown's pin entry works?

Either way, a note to the developers is probably warranted? These days, IT depts are getting more and more secure-conscious with powerful phones like this, and may be upset to know that emails and contacts are as insecure as this. It was suggested by my IT dept that I purchase Touchdown a few months ago, and it works great, but this makes me worry.
 
can this be reproed over and over?

We've tried this on a couple devices and haven't been able to make this happen.

this is a stock ROM, not rooted device, correct?

Would you please send a mail to support@nitrodesk.com so our support folks can walk you through generating a diagnostics log so that we can see what's happening on your device.

Thanks!

Ron
 
I can't get this to happen on my dell streak.

I have noticed that the pin is cached, or there is some time out value associated with when you enter the pin so that if I return to touchdown with a short period of time I will not get the prompt for a pin.
 
right....that's a "time-out" setting that's pushed form Exchange. they admin can say that it will only require the PIN if it's been more than 2 minutes since the data was last accessed, etc.

if anyone else can test the above scenario and report back, please do and let me know what type of device and what version of Android.


Thanks!
 
Rongo said:
can this be reproed over and over?

We've tried this on a couple devices and haven't been able to make this happen.

this is a stock ROM, not rooted device, correct?

Would you please send a mail to support@nitrodesk.com so our support folks can walk you through generating a diagnostics log so that we can see what's happening on your device.

Thanks!

Ron
Click to expand...
The post is 2 years old?
 
yes, it is old, but we had another user report the issue today and referenced this article.

It's been fixed long ago but we just want to be sure. too many folks are relying on TouchDown to leave anything to chance.
 
You must log in or register to reply here.
Back
Top Bottom