
warning about codewallet and T9


Guest skanna
Posted

I recently downloaded the free Codewallet software from the GOPASS promo on Handago. The program is fine but I have just noticed that my password has been stored into my T9 dictionary. Therefore, if I am writing a text msg and I am in T9 mode, and I press say the first 2 keypresses of my password, the whole password is displayed in the drop down list of possible words! This is hardly secure, and it will give complete access to all the info stored within Codewallet! Can someone else please check this out.

Guest markgamber
Posted

Have you written the authors of the software about this?

Guest skanna
Posted

No - just found out. Didn't happen on the E200. Only the C500 as T9 has changed.

Guest Disco Stu
Posted

Surely it's a 'fault' of the T9 system rather than a fault of CodeWallet ?

Still doesn't reveal your password to anyone other than yourself.

T9 picks up on phone numbers as well etc

Guest markgamber
Posted (edited)

Ah yes, I see what's going on now. I suppose the proper "fix" would be to disable T9 "learning" when entering data into a "password" field as defined by the Win32 API. That would require a ROM patch, however, and that's probably not happening tomorrow or any time soon so I'd still write to the software author and see if they can come up with a workaround. An alpha board like that in that volleyball game where letters and numbers are selected by the direction pad or something, for example, giving T9 nothing to learn.

Edit: Fixing typos. Man, I'm kind of wishing I had stayed awake in English class. ;-)

Edited by markgamber
Guest Disco Stu
Posted

DeveloperOne are cool guys. They'd appreciate the feedback.

I'd be interested to hear what they think. I wonder if they're aware of the 'flaw' ?

Guest markgamber
Posted

Likewise, I'd be interested in what they have to say also. Having thought about it a bit, that's kind of a nasty bug. I noticed T9's picking up phone numbers and stuff before but I hadn't thought about passwords. Neither did the manufacturers, apparently.

Guest tudor
Posted

I don't think it's a bug, but a feature :D T9 remembers too much.

"Still doesn't reveal your password to anyone other than yourself."

The main reason to have a secure wallet on the phone is to be protected for when you lose the phone. Otherwise you'd just write everything in a text file!

The only solution is creating a custom control which accepts key press, but it's not a text box, so T9 keeps its nose out of it.

Guest Disco Stu
Posted

I can't replicate the problem.

I have just unlocked my protected CodeWallet files on my C500, come out, started a new text message and keyed in the first 2 digits of my CodeWallet password.

T9 suggests a list of junk 'words' but fails to include my password.

Feel free to flame me if I've missed something. Could you have entered your password somewhere else that T9 might have picked it up from ?

Also the PPC version uses the number pad, but that is irrelevant here.

Guest markgamber
Posted

Likewise, I can't repro it on the mitac 8390. One of the original messages stated that it didn't do it on an E200, also, so I guess it's just the C500 that has the problem?

Pretty amazing mitac hasn't f'ed this up considering that they have to look the word "competent" up in a dictionary and the only "support staff" they have is a stick used to prop up their company president in the morning.

Guest skanna
Posted

I have changed my password and the new one is not being stored by T9?? It's strange because the old password is still present in the T9 dictionary, and I suppose it can't be removed. But also when entering it in codewallet, in the numeric input mode, the numbers would be displayed and not turn into asterisks as they do with the new password, which is also numeric. i.e. all the numerical password characters would be displayed, rather than when normally entering a password, and the characters turn into asterisks. Anyway the new password is secure so the problem is solved. Don't know if the old password got into the T9 dictionary by some other method, although I don't use it for any other purpose. The password is obviously important as it's the key to all your other passwords/pin numbers, especially should the phone be lost.

Guest markgamber
Posted

I'd guess they got in there some other way, then. I noticed that when I specified a password, they didn't turn into asterisks but that's fine with me, I can see what it is I'm entering in there and if someone behind me is looking over my shoulder, I can punch them in the head and that'll be the end of that. ;-) BTW, if you want to be safe, copy \Storage\Application Data\T9AW.UDB off the phone (in case you want it back) and then delete the file on the phone. That file is where T9 stores things it has learned. You'll have to start over with things not in the dictionary but you won't have to worry about the passwords being in there, either.
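
Added example, not part of the thread or of any poster's message: once T9AW.UDB has been copied off the phone as described above, this checks whether a given password appears in the copy before the original is deleted. It assumes learned words are stored as plain text in UTF-8 or UTF-16; the thread does not describe the file format, so a miss is not proof the password is absent. The sample bytes are constructed.

```python
import getpass
import sys

# Encodings a learned word might plausibly be stored in (assumption: the
# thread does not describe the T9AW.UDB format).
ENCODINGS = ("utf-8", "utf-16-le", "utf-16-be")


def find_secret(blob: bytes, secret: str) -> dict:
    """Return {encoding: [byte offsets]} for each place the secret occurs."""
    if not secret:
        raise ValueError("empty secret")
    hits = {}
    for enc in ENCODINGS:
        needle = secret.encode(enc)
        offsets, start = [], blob.find(needle)
        while start != -1:
            offsets.append(start)
            start = blob.find(needle, start + 1)
        if offsets:
            hits[enc] = offsets
    return hits


def check_file(path: str, secret: str) -> dict:
    """Scan a copied dictionary file without ever printing the secret."""
    with open(path, "rb") as fh:
        return find_secret(fh.read(), secret)


# Constructed sample standing in for a dictionary copy; not real T9AW.UDB data.
SAMPLE = b"\x00\x01hello\x02" + "4711pass".encode("utf-16-le") + b"\x00\x00world"

if __name__ == "__main__":
    # getpass keeps the password off the command line and out of shell history.
    found = check_file(sys.argv[1], getpass.getpass("Password to look for: "))
    for enc, offsets in found.items():
        print(f"found as {enc} at byte offsets {offsets}")
    sys.exit(1 if found else 0)
```

Run it against the copied file on the PC; exit status 1 means the password was found in the copy.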
