Motorola KRZR Security Alert

  • Posted by Chase
  • April 3, 2007

KRZR

Do you have a Motorola KRZR? Then you might want to be more careful with your passwords….

This phone by accidental design stores passwords that you enter into your phone, even though it displays (********) as you type them in. Here is an example below of the information that was passed along to Motorola and their lack of response to this major security problem

Here’s the message sent to Moto:

Hello,

I purchased a Moto KRZR a few weeks ago. In that time I discovered a rather serious security issue. Passwords typed into a password field are being saved in the user dictionary.

For example, I visited the WAP interface of a work site. It requires me to login. The password field shows asterisks when I type in the password. Later when I go to send a text message, I started typing a word which contained the first couple letters of my password - it auto-complted my password.

The password was alpha-numeric and unique. It doesn’t even contain any dictionary words.

I have since returned the phone largely due to this issue.

Thanks.

It has been over 30 days and still no response…..I guess they don’t care, and thus why this information needed to be shared!

Information and Links

Join the fray by commenting, tracking what others have to say, or linking to it from your blog.

Information
April 3rd, 2007
3 Responses
Feeds and Links
Comment Feed
From This Author
Del.icio.us
Digg
Technorati
Categories and Tags
Information

Other Posts
Control F12 - #54 - Estrogen
Control F12 - #53 - Live at Infernalan III

Write a Comment

Take a moment to comment and tell us what you think. Some basic HTML is allowed for formatting.

You must be logged in to post a comment. Click here to login.

Reader Comments

Comment Number:
1
Written by:
MobileMacs » Blog Archive » KRZR: Schlüsselbund ohne Schlüssel
Posted on:
April 3, 2007 at 8:12 am

[...] Motorola KRZR wartet mit einem ganz tollen neuen Feature auf: gibt man in WAP-Dialogen Kennwörter ein, werden diese so ganz nebenbei im Benutzerwörterbuch [...]

Comment Number:
2
Written by:
oda.com » Motorola KRZR Security Alert
Posted on:
April 5, 2007 at 10:08 pm

[...] am worried and scared to hear that there is a security alert on the Motorola KRZR, my cellphone (I have the black one, but I love this blue one). Basically what happens is when you [...]

Comment Number:
3
Written by:
atomdraco
Posted on:
May 2, 2007 at 1:24 pm

Chase,

What is the software and flex version on your phone? Goto “Menu -> Settings -> Phone Status -> Other Information”. Check both the “S/W Version” and “Flex version”. Would you be able to provide a couple of sample password that shows the problem? I cannot not duplicate the same problem you are mentioning.

Thanks,
Someone trying to help