PIN screen can be easily bypassed on WP 8.1

dariohead

Jul 18, 2014
Hi everyone!

I looked for a similar topic but couldn't find one, so I hope this one is not a duplicate question...

I recently noticed one VERY STRANGE thing from the security point of view, on my Lumia 925 running the official WP 8.1 Cyan update.

When I turn on the phone and I am asked to enter a PIN, if I click the back button, I enter my phone's interface normally. Yes, of course, the phone is not connected to a carrier, but I can do with it whatever I want, connect to a wi-fi and see EVERYTHING there is on it, all the data and connected accounts.

NOW - is this a normal Windows Phone behaviour or?? Because, sorry, but if I have a PIN setup - every phone should simply NOT work until this PIN is entered - don't you agree? Because PIN is not only about protecting your SIM card, but the phone as well.

Am I missing something or is this a super huge security hole?
 
I am sorry, I am also on Denim, not Cyan! I just tried again, and it's just as described in my original post. I can do EVERYTHING with my phone except make calls and write SMS. :O
 
You're probably missing something. Without seeing what's going on, it's difficult to tell you what's happening.

Pressing the back button in the pin screen will always take you back to the lock screen.
 
OK, so one important thing to note here:
- I am not talking about the Lock Screen Password protection
- I mean the SIM card PIN

So, it is normal that if you do not use the "Lock Screen Password" and someone steals your phone, they can simply bypass the SIM card's PIN and access your phone, emails, accounts...?
 
Ok, so that's the important part that you didn't point out.

The SIM PIN protects your SIM, not your phone.

This means that someone can't take the SIM out of your phone and use it in another without knowing the PIN. It doesn't lock the other aspects of your handset.
 
And you don't find that problematic? Is this how it also works with other mobile OS-es, iOS, Android?

I remember that on whatever previous phones I had (this is my first WP one), if you didn't know the SIM PIN you didn't get into the phone - period.
 
SIM PIN protects the SIM card. If you want to also protect the phone, set a phone lock PIN. My Lumia 930 starts up & asks for the SIM PIN; once the PIN is entered it goes to the phone idle / lock screen & requires the phone PIN before allowing access. If the phone is locked & connected via USB lead to a computer, it will not allow connection until the phone PIN is entered; once that is done the phone will communicate with the PC, even if the lock screen times out & relocks the handset, until it's disconnected from the USB lead.
 
OK fair enough... but phone lock PIN needs to be entered every time you turn on your screen, right? Any way to ask for this PIN only at the phone startup?
 
And you don't find that problematic? Is this how it also works with other mobile OS-es, iOS, Android?

I remember that on whatever previous phones I had (this is my first WP one), if you didn't know the SIM PIN you didn't get into the phone - period.

Yes, it works the same. The SIM PIN is entered on first use.
 
You are right yes... I still think it would be a great option to allow this kind of security... Something like a simple switch:
"Don't allow phone usage without SIM (PIN)".

Or am I too old-school? :D
 
SIM PIN and your device password are two different things. As others mentioned, the SIM PIN protects what's inside your SIM card.
Your device password, whether it is a computer password or a simple smartphone PIN, protects what's inside your device. Usually people set both up when having a smartphone (SIM PIN is obligatory anyway and they set up one for their lockscreen to protect their phones).
 
It doesn't take long to enter the phone PIN when you pick the phone up to use it. I'd rather have my phone protected by its PIN at all times while not in use.
 
OK, get it! :) Thanks guys!

For me personally, I am looking forward to the Iris scan, to use it without having to enter PIN every single time. If it'll work "as advertised", it will be a really nifty feature! :D
 
Even using Hey Cortana when my L930 is locked can trigger a phone PIN request, depending on what I've asked Cortana to actually do.
 
OK, so one important thing to note here:
- I am not talking about the Lock Screen Password protection
- I mean the SIM card PIN

So, it is normal that if you do not use the "Lock Screen Password" and someone steals your phone, they can simply bypass the SIM card's PIN and access your phone, emails, accounts...?

Yes, it's normal. It is behaving the way it should. You have the lock screen password to protect your phone.
 
You are right yes... I still think it would be a great option to allow this kind of security... Something like a simple switch:
"Don't allow phone usage without SIM (PIN)".

Or am I too old-school? :D

No, you're not too old school, I find that weird too. On my old phone, when you didn't know the SIM PIN, you wouldn't be able to access the phone. Good thing I saw this. Gonna set the lock screen password right away.
 
OK fair enough... but phone lock PIN needs to be entered every time you turn on your screen, right? Any way to ask for this PIN only at the phone startup?

Not exactly what you're asking, but I have mine set to only ask if the phone has been inactive for 30 minutes, so it's not a huge hassle entering it every time.
 
