updated 06:10 pm EDT, Fri October 15, 2010
Droid 2, X allow voice actions without password
Motorola's Droid 2 and Droid X may be uniquely vulnerable to a new exploit that allows users to compromise them without even entering a password. While at the lock screen, a user can make a phone call to any number, and possibly other actions, using the Voice Actions feature built into Android 2.2. All that's currently required in BGR's testing is to hold one of the search buttons that would trigger the command once unlocked.
The issue doesn't appear to affect other phones upgraded to Android 2.2, such as the Nexus One or the Samsung Captivate. It's implied so far that the trick may be specific to Motorola's Blur interface.
Motorola hasn't had an opportunity to respond to requests for comment and thus hasn't said whether it's aware of the issue or planning a fix. Whether or not the flaw is unique is also uncertain. The relative ease has nonetheless raised concern that customized versions of Android are introducing new security holes that wouldn't show up on the Nexus One, G2 or other stock Android phones.