I made my first ever “Black Friday” purchase last week. Staples (for those outside North America, this is a “big box” office supplies store with a large computer and tech section) had a door-crasher special of a Digital2 brand 7″ tablet, running Android 4.1, marked down from $250 to $70. We had to go past a Staples on an errand, so I stopped in and got it.
I don’t quite regret getting it: particularly at that price it is probably worth it. I may do a review of its shortcomings at some point. (Low memory, poor storage management, slow performance, limited battery, incompatible with some apps, poor file management options, many functions irregular.) However, I came across something this morning that indicates a weakness.
One of the oddities is that there is no indication of charging or battery unless the tablet is on. So, while charging, I had the tablet on to check the battery level. The indicator icons are on the lower right of the screen on this model, and, in order to get more details on the charge, I touched that area. But I had forgotten to unlock the device.
Lo and behold, it brought up the quick indicator list anyway, and, along with it, the notifications. Prodding at this, I found that I couldn’t get into the settings menu proper, but I could access any of the notification messages. And, once into any of those apps, I had full access.
(This sounds similar to a number of lock-screen vulnerabilities that I’ve heard of on various Android and iOS versions and devices, but it seemed to be simpler and more direct than most.)