Sending SMS to lock stolen phone shows theif the unlock pin?phone

novirus
edited January 2022 in Mobile Security


Using mobile security on two android phones I sent an SMS from one to the other containing the text


bd-12345 locate


In order to simulate locating a stolen phone. In order for this to work you have to include the unlock pin for the remote phone (eg 12345) in the SMS message you send


I correctly got back an SMS from the remote phone with a link to Google maps showing me where it was.


However. The remote phone that received the SMS showed the whole text message, including the unlock pin (12345) on the screen so any would be thief now not only knows that I've tried to locate my phone but they also know the unlock pin!


This would be even worse if I'd sent 'bd-12345 lock' in order to lock the stolen phone as the action of locking it would also tell the thief, via the SMS message, the pin they needed to unlock it again.


Surely this can't be right? Shouldn't the SMS containing the command remain hidden on the receiving phone?


 


 

Tagged:

Comments


  • Hello,


     


    Recent Android versions no longer allows us to hide that bit of information.


    As a workaround you can configure your Phone not to display private information while locked.


    You can also lock/locate the phone from Central.


  • Thank you for replying on the forum, I've had no answer from email technical support to any of my tickets raised since early January.


    However your answer is an almost word for word reply to the one you gave to  Maki711 on 5th Jan.


     


    What do you mean by ' configure your Phone not to display private information while locked ' and what difference would that make?


    If my (unlocked) phone is stolen on holiday and, because I wouldn't be able to get to Central, I wanted to lock it from my wife's phone,then the SMS and unlock pin is shown on my phone.


    If my phone was already locked I wouldn't need to send the SMS in the first place, whether I had configured it to show sensitive information when locked or not. 


    But anyway, if this aspect of bitdefender cannot work with modern Android (who have 80% of the phone market) why is this not mentioned in the sales pitch and adverts instead of fooling potential customers by claiming that it works with all phones. This is one of the main reasons why I bought Bitdefender.


     


  • This looks like a problem in urgent need of a solution. I have recently purchased Bitdefender Total Security with  one of the main selling points being the purported ease of activating and, if necessary, using anti-theft protection on all of my covered devices, including an android smartphone.  Should a loss or theft occur, it would likely be much easier and faster to simply borrow a nearby cell phone to send the appropriate SMS command than to connect to Bitdefender Central via the internet. The "solution" offered by Sorin G. would seem to indicate that we should all keep our phones locked all the time and would use anti theft protection as necessary to LOCATE, SCREAM, or WIPE. Comments?


  • Yup that's correct, Instead of contacting their manufacturer or their provider, they must have the ability to do that function, I hope that also they have some supports regarding about the IMEI blocking of a specific device. So if the phone is not locked so far, the thing is that the phone's communication function is disabled.


    I hope new feature will be applied soon. hoping for the best. default_happy.png