CyanogenMod logged the unlock swipe gestures in Android OS
CyanogenMod, maybe the most popular custom Android firmware available, was found containing a code that logged the swipe gestures made by the users in order to unlock their device.
This, let’s say “malicious” line of code was discovered by Gabriel Castro, a creator that has a partnership with the CyanogenMod project, has apparently showed up in the firmware source code in August 2012, after an update that made the default grid format for lockscreen gestures configurable.
Good news is that this flaw cannot be exploited as the unlock pattern was stored directly on the device. In order to get access to this information, a hacker must first obtain physical access to the gadget or its backup.
Anyway, there is a lot of open space for exploitation by rude friends, co-workers or even jealous partners.
Castro explained that the issue can be simply fixed by commenting the code out or by deleting the entire line, without the firmware being affected at all.
The project creators reacted promptly by deleting the line in question and releasing a patch that CyanogenMod users are advised to install as soon as possible.
“The line of code has been introduced by a respectable member of the Cyanogen community and I don’t suspect it has been added with malicious intent,” Bogdan Botezatu, senior e-threat analyst at Bitdefender, commented for Infoworld. “Most probably, it is a snippet of code used during debugging and forgotten when committing the code.”