10-30-2015 02:29 PM
28 12
tools
  1. dariohead's Avatar
    Hi everyone!

    I looked for a similar topic but couldn't find one, so I hope this one is not a duplicate question...

    I recently noticed one VERY STRANGE thing from the security pointview, on my Lumia 925 running official WP 8.1 Cyan update.

    When I turn on the phone and I am asked to enter a PIN, if I click the back button, I enter my phone's interface normally. Yes, of course, the phone is not connected to a carrier, but I can do with it whatever I want, connect to a wi-fi and see EVERYTHING there is on it, all the data and connected accounts.

    NOW - is this a normal Windows Phone behaviour or?? Because, sorry, but if I have a PIN setup - every phone should simply NOT work until this PIN is entered - don't you agree? Because PIN is not only about protecting your SIM card, but the phone as well.

    Am I missing something or is this a super huge security hole?
    09-18-2015 04:19 AM
  2. micallan_17's Avatar
    Tried it on my 830 with Denim, update 2 and it doesn't do that
    09-18-2015 04:24 AM
  3. dariohead's Avatar
    I am sorry, I am also on Denim, not Cyan! I just tried again, and it's just as described in my original post. I can do EVERYTHING with my phone except make calls and write SMS. :O
    09-18-2015 04:31 AM
  4. Pete's Avatar
    You're probably missing something. Without seeing what's going on, it's difficult to tell you what's happening.

    Pressing the back button in the pin screen will always take you back to the lock screen.
    xandros9 and gpobernardo like this.
    09-18-2015 04:36 AM
  5. dariohead's Avatar
    OK, so one important thing to note here:
    - I am not talking about the Lock Screen Password protection
    - I mean the SIM card PIN

    So, it is normal that if you do not use the "Lock Screen Password" and someone steals your phone, they can simply bypass the SIM card's PIN and access your phone, emails, accounts...?
    09-18-2015 05:09 AM
  6. dariohead's Avatar
    I recorded a short video demonstration of this:
    - https://sendvid.com/ugomlx2y

    Sorry, it loads a bit slowly, but I don't know of better/quicker ways to share a video. :)
    09-18-2015 05:14 AM
  7. Pete's Avatar
    Ok, so that's the important part that you didn't point out.

    The SIM PIN protects your SIM, not your phone.

    This means that someone can't take the SIM out of your phone and use it in another without knowing the PIN. It doesn't lock the other aspects of your handset.
    09-18-2015 05:16 AM
  8. dariohead's Avatar
    And you don't find that problematic? Is this how it also works with other mobile OS-es, iOS, Android?

    I remember that on whatever previous phones I have (this is my first WP one), if you didn't know the SIM PIN you didn't get into the phone - period.
    09-18-2015 05:19 AM
  9. Lee Power's Avatar
    SIM pin protects the sim card. If you want to also protect the phone, set a phone lock pin. My Lumia 930 starts up & asks for sim pin, once pin entered it goes to phone idle / lock screen & requires phone pin before allowing access. If phone is locked & connected via usb lead to a computer, it will not allow connection until the phone pin is entered, once that is done the phone will communicate with pc even if the lock screen times out & relocks the handset until its disconnected from the usb lead.
    gpobernardo likes this.
    09-18-2015 05:24 AM
  10. dariohead's Avatar
    OK fair enough... but phone lock PIN needs to be entered every time you turn on your screen, right? Any way to ask for this PIN only at the phone startup?
    09-18-2015 05:27 AM
  11. Pete's Avatar
    It works like this for Apple as well

    https://support.apple.com/en-us/HT201529

    Note how it only says you won't be able to access cellular services without the SIM PIN. It doesn't do anything to imply that the rest of the phone is also locked off.
    gpobernardo and xandros9 like this.
    09-18-2015 05:27 AM
  12. Krystianpants's Avatar
    And you don't find that problematic? Is this how it also works with other mobile OS-es, iOS, Android?

    I remember that on whatever previous phones I have (this is my first WP one), if you didn't know the SIM PIN you didn't get into the phone - period.
    Yes it works the same. The sim pin is entered on first use.
    09-18-2015 05:27 AM
  13. dariohead's Avatar
    You are right yes... I still think it would be a great option to allow this kind of security... Something like a simple switch:
    "Don't allow phone usage without SIM (PIN)".

    Or am I too old-school? :D
    09-18-2015 05:29 AM
  14. kaantantr's Avatar
    SIM PIN and your device password are two different things. as others mentioned, SIM PIN protects whats inside your SIM card.
    Your device password, wheter it is a computer password or a simple smartphone PIN protects whats inside your device. Usually people set both up when having a smartphone (SIM PIN is obligatory anyway and they set up one for their lockscreen to protect their phones)
    gpobernardo and xandros9 like this.
    09-18-2015 05:30 AM
  15. Lee Power's Avatar
    It doesn't take long to enter the phone pin when you pick the phone up to use it. Id rather have my phone protected by its pin at all times while not in use.
    09-18-2015 05:30 AM
  16. dariohead's Avatar
    OK, get it! :) Thanks guys!

    For me personally, I am looking forward to the Iris scan, to use it without having to enter PIN every single time. If it'll work "as advertised", it will be a really nifty feature! :D
    gpobernardo likes this.
    09-18-2015 05:32 AM
  17. Lee Power's Avatar
    Even using Hey Cortana when my L930 is locked can trigger a phone pin request depending on what ive asked Cortana to actually do.
    xandros9 likes this.
    09-18-2015 05:38 AM
  18. TechnoReact-Site's Avatar
    OK, so one important thing to note here:
    - I am not talking about the Lock Screen Password protection
    - I mean the SIM card PIN

    So, it is normal that if you do not use the "Lock Screen Password" and someone steals your phone, they can simply bypass the SIM card's PIN and access your phone, emails, accounts...?
    yes its normal. It is behaving the way it should. You have lock screen password to protect your phone.
    09-19-2015 04:32 AM
  19. Rose640's Avatar
    You are right yes... I still think it would be a great option to allow this kind of security... Something like a simple switch:
    "Don't allow phone usage without SIM (PIN)".

    Or am I too old-school? :D
    No you're not too old school, i find that weird too. On my old phone when you didn't know the SIM pin, you wouldn't be able to acces the phone. Goog thing i saw this. Gonna set the lock screen pw right away.
    09-19-2015 05:09 AM
  20. SamJHannan's Avatar
    OK fair enough... but phone lock PIN needs to be entered every time you turn on your screen, right? Any way to ask for this PIN only at the phone startup?
    Not exactly what you're asking, but I have mine set to only ask if the phone has been inactive for 30 minutes, so it's not a huge hassle entering it every time.
    09-19-2015 05:09 AM
  21. Jazmac's Avatar
    Good tip.
    But this is something I wouldn't have considered using as a PHONE lock. You never locked the phone, just the sim. I haven't seen what happens if someone got hold of your sim and attempted to get information from it though. Maybe the sim pin will do what you expect then.
    09-19-2015 11:52 AM
  22. DavidinCT's Avatar
    And you don't find that problematic? Is this how it also works with other mobile OS-es, iOS, Android?

    I remember that on whatever previous phones I have (this is my first WP one), if you didn't know the SIM PIN you didn't get into the phone - period.
    Your NOT locking the Phone. Your locking your SIM, if you try to make a phone call, find your contacts that are stored on your SIM, you wont be able to access it.

    This is how it works, there is no security hole here.

    Nothing to see here people, move on...
    09-19-2015 03:51 PM
  23. arjunan's Avatar
    OK, so one important thing to note here:
    - I am not talking about the Lock Screen Password protection
    - I mean the SIM card PIN

    So, it is normal that if you do not use the "Lock Screen Password" and someone steals your phone, they can simply bypass the SIM card's PIN and access your phone, emails, accounts...?
    The Sim card pin is only meant to protect information on the sim, not the Phone. It is so that no one else can use your sim card.
    09-19-2015 08:11 PM
  24. dariohead's Avatar
    Thank you all for comments!

    Well, I totally understand the difference between SimCard and Lock Screen now, and it's a great advice about the "30 minute idle" option before asking for a lock screen pin.

    I just think that from usability/security point of view, it would be nice to have an option that "binds" this together, so no SIMcard PIN or no SIMcard at all - block the mobile phone use totally. :)
    SamJHannan likes this.
    09-21-2015 01:41 AM
  25. Lee Power's Avatar
    My old Sony Ericsson K750I could be set so if your sim card was removed or a different sim card was inserted, the phone when switched on would ask for a user set pin to unlock the phone so it could be used.
    09-21-2015 01:55 AM
28 12

Similar Threads

  1. Double tap to wake up issue and screen going black when making a call
    By Alin Ghita in forum Windows 10 Mobile Insider Preview
    Replies: 3
    Last Post: 10-01-2015, 12:47 AM
  2. What the hell is going on in U.S.?
    By saras112 in forum The "Off Topic" Lounge
    Replies: 15
    Last Post: 09-26-2015, 09:02 AM
  3. Windows Central app not working on sim data connection (Win10 Mobile 10536 1004)
    By dioni87 in forum Windows Central for Windows Phone - App Support
    Replies: 2
    Last Post: 09-19-2015, 11:58 PM
  4. How can I roll back to Windows 8.1 on HTC 8X from W10 TP?
    By noor khan1 in forum Windows 10 Mobile Insider Preview
    Replies: 3
    Last Post: 09-19-2015, 11:52 PM
  5. How can I uninstall iTunes on my Windows 10?
    By Windows Central Question in forum Ask a Question
    Replies: 0
    Last Post: 09-17-2015, 11:23 PM
LINK TO POST COPIED TO CLIPBOARD