xanax xanax online without prescription taking viagra and xanax soma overnight cod no rx soma online delivery order phentermine next day phentermine hcl capsules buy tramadol cash on delivery tramadol hcl 50 mg tablet tev chinese viagra viagra discount online cialis online australia 20mg generic cialis pills buying ambien online ambien cautions for the elderly Valium overnight delivery no a rx overnight Valium order fioricet 250mg no rx fioricet canada buy cheap discounted Meridia Meridia overnight without prescription buy xanax cod overnight cheap generic xanax soma no rx foreign buy soma online without dr approval phentermine 37.5mg blue and white tab buy phentermine online in the uk tramadol overdose resumption tramadol classified drug how do i order viagra online can you order viagra from a canadian pharmacy generic cialis pills and generic viagra cialis overnight us pharmacy buy online rx ambien without buy ambien online overnight Valium how much can you take buy liquid valium online how to get a doctor to prescript fioricet fioricet online uk meridia overnight fedex cheap meridia by fedex cod order generic xanax online buy xanax online buy soma overnight soma online phentermine 37.5 mg no prescription cheap phentermine cod cheapest tramadol overnight very cheap tramadol online Viagra no prescription order Viagra without prescription generic cialis buy cialis online buy Ambien no prescription buy Ambien online cod buy no prior perscription Valium

WM6 + Voice Command Conundrum

February 27, 2007 · Posted in Uncategorized · 1 Comment 

Well a few weeks ago the tinkering within me to play with WM6 took over and commanded that I revert back to Windows Mobile 6 (a.k.a. Crossbow) and in doing so I have had the opportunity to do some pretty interesting things.  Recently, however, the most interesting/alarming thing I did was use my phone despite the password lock.

Now those of you who are familiar with the Windows Mobile platform you know that you can go to Start—Settings—Lock and input either a simple password or a complex password to lock your device after X minutes.

So as my phone sat next to me and the password lock screen came on, I just wanted to know what my battery status was but was feeling a little lazy to actually input my password just to read my battery status.  So I said, let me just try using the voice command function to check my battery status. So I push the button it beeps (letting me know it is ready for my command) and I say, “What is my battery status?” and it replies, “The battery level is 85% and charging.” I was impressed, so I thought….”hmm… let me try calling someone.”  So I pushed the button again and said, “Call Voicemail,” immediately I heard the dialing noise and was connected to my voice mail asking me to key in my code. So I thought…this can get interesting.  Next I thought could I run an application? So I pushed the button again and this time said, “Start PowerPoint” and what do you know the password lock screen was sent to the background and PowerPoint came to the foreground. At which point I was now able to tap on the Start Menu and go to Programs or even Settings and fiddle around until my hearts content.

So now I’m thinking, well this is Windows Mobile 6 and since it’s technically not final it just might a bug that Microsoft will work out once it is released, but then I started thinking, what if it isn’t a bug in Windows Mobile 6… What if it is a bug in the Voice Command software?

Now the most secure thing Microsoft could do is when the password lock screen comes on disable all buttons except the Accept Call, End Call, and Power Buttons, or disable voice command from being called when the screen lock is on.  But in both cases I thought Microsoft might not want to shoot themselves in the foot too quick.  I thought how can this possible vulnerability be turned into something that would help Microsoft…simple only allow specific functions of voice command to work in the even the password lock screen is activated. Specific commands that should be allowed would be to call, or request the status of your battery level, or signal strength.

Well that’s enough for now, I hope this will be corrected or I don’t think too many corporate/business users would like to have voice command on their units since it allows them to by pass the password functionality giving a potential malicious user access to all the devices data.

Just imagine this video but instead of the device wiping itself or the finder/theif being deterd by the password lock screen imagine them saying “Call Voicemail” (and for those who don’t have password security enforced on their voicemail) being able to listen to one’s voicemails, or even saying “Show Contacts” or “Start Notes” or…. well you get the idea.

If video goes off line for some reason, you can download it from here:

Download: Final-MobilityV7-300K.zip – you might need VLC Player to view this.
*UPDATE*

Well as it turns out it was just a fluke that this happened. I continued to tinker with my device (trying to get the T-Mobile Mail Trigger Settings to work without the annoying prompt) and a few soft-resets later the device no longer responds to the Voice Command application launches. It will now function like it should, meaning that you can check battery status, signal strength, and call your contacts. You can still launch applications; however, they will NOT come to the foreground replacing the password lock screen.

And just in case you were wondering about the T-Mobile Mail Triggers, yes I did get it to work.

Tags: no tags