
  It was a fresh boot, and instead of the usual lock icon, the fingerprint icon
  was showing. It accepted my finger, which should not happen, since after a
  reboot, you must enter the lock screen PIN or password at least once to decrypt
  the device.
i was surprised to read this part too. assuming that the author's version of the events is accurate here, my best guess is that the device had not fully powered down, and was in either a low-power/hibernate or find-my-phone mode, where portions of the security subsystem were still powered, hence the device-unlock PIN was still cached. i don't otherwise see how else a fingerprint alone would allow for the device to be unlocked on cold boot.

of course this detail doesn't take away from the rest of the report - great find xdavidhu!



Doesn’t seem like a full unlock, see the next paragraph: “After accepting my finger, it got stuck on a weird ‘Pixel is starting…’ message, and stayed there until I rebooted it again.”



