Ubuntu
messaging-app package

Security breach: bubble displays message preview when screen is unlocked

Bug #1543070 reported by eva
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
messaging-app (Ubuntu)
Triaged
Undecided
Unassigned

Bug Description

This is not a proper bug in the software behaviour, but an important functional security breach.
Nowadays we use the phone to validate our bank transactions, to double step login, etc. We receive a secret code in the phone so we can authenticate the transaction, or validate ourselves as the right person using it.
But when doing a bank transference or any other secure operation that requires my phone to validate it, surprisingly, anyone holding my phone in the moment the message is received, can see the secret code, and then do a fraudulent operation with my phone without even unlocking the screen.

Thanks.

Device: Smartphone BQ Aquaris 4.5E
O.S.: Ubuntu Phone

phablet@ubuntu-phablet:~$ lsb_release -rd
Description: Ubuntu 15.04
Release: 15.04
phablet@ubuntu-phablet:~$

Tyler Hicks (tyhicks)
information type: Private Security → Public Security
Marc Deslauriers (mdeslaur)
Changed in messaging-app (Ubuntu):
status: New → Triaged
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.