PhoneLock Bypass???! Potential Security Bug??!!

SOLVED
davem2626
Valued Contributor

PhoneLock Bypass???! Potential Security Bug??!!

Hi

 

I have just discovered that if you enable the PhoneLock feature then you can easily bypass it without a password!

 

As in my previous post I created the phonelock button:

 

  <efk>
    <version efk.version="2" />
    <efklist
        efk.efklist.1.mname="Lock"
        efk.efklist.1.label="Lock"
        efk.efklist.1.status="1"
        efk.efklist.1.action.string="$FLockPhone$"
      />
    </efk>
  <softkey
     softkey.1.label="Lock"
     softkey.1.action="$FLockPhone$"
     softkey.1.enable="1"
     softkey.1.precede="1"
     softkey.1.use.idle="1"
   />

 

This all works fine however if you press Unlock then just press enter with no credentials the phone unlocks! I have checked the Admin guide however there is no mention of setting a password for the phonelock ie like phoneLock.password="" so as the phone downloads the config and can read the TAG value the password is known by the phone enabling the user to just bypass the security of the lock!

 

Does anyone know how to get around this security flaw or is it just one of those things that may have been overlooked??

 

Many thanks

 

Dave

Message 1 of 4
1 ACCEPTED SOLUTION

Accepted Solutions
davem2626
Valued Contributor

Re: PhoneLock Bypass???! Potential Security Bug??!!

Hi Steffen

 

Sorry please accept my appologies - the device.auth entries were in the sys.cfg file and not the phone%BWDEVICEID%.cfg file so where the system wide tags were blank and the user tags were not it was reading the system tags.....

 

This now all works perfectly!

 

Sorry again - learning all the time! :)

 

Best regards

 

Dave

View solution in original post

Message 4 of 4
3 REPLIES 3
SteffenBaierUK
Polycom Employee & Community Manager

Re: PhoneLock Bypass???! Potential Security Bug??!!

Hello Dave,

 

a good starting point is always to provide the software version where you think you have discovered an issue.

 

I did a quick test running UCS 5.0.0 on a VVX310 and could not use the Enter Softkey to bypass the phone lock.

 

In addition to your follow up question the FAQ contains this post here:

 

Apr 23, 2013 Question: How can I lock my phone?

Resolution: Please check => here <=

 

Please provide more details or raise this via your Polycom reseller and/or Polycom support directly.

 

Best Regards

 

Steffen Baier

----------------

If official support is required please check how to phone or open a case here

----------------
The title Poly Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. All posts and words are my own & do not represent the views of Employer.

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 2 of 4
davem2626
Valued Contributor

Re: PhoneLock Bypass???! Potential Security Bug??!!

Hi Steffen

 

Sorry UC Software Version 4.1.5.3284 Polycom VVX300

 

I looked at the FAQ however we use tags:

 

  <device device.set="1">

    <device.auth
        device.auth.localAdminPassword.set="1"
        device.auth.localAdminPassword="%ADMIN_PASS%"
        device.auth.localUserPassword.set="1"
        device.auth.localUserPassword="%USER_PASS%"
    />

 

%ADMIN_PASS% = 555

%USER_PASS% = 666

 

Can still bypass the lock screen... Are you able to confirm?

 

 

Many thanks

 

Dave

Message 3 of 4
davem2626
Valued Contributor

Re: PhoneLock Bypass???! Potential Security Bug??!!

Hi Steffen

 

Sorry please accept my appologies - the device.auth entries were in the sys.cfg file and not the phone%BWDEVICEID%.cfg file so where the system wide tags were blank and the user tags were not it was reading the system tags.....

 

This now all works perfectly!

 

Sorry again - learning all the time! :)

 

Best regards

 

Dave

Message 4 of 4