1 | initial version | posted 2014-04-15 10:30:47 +0200 |
Dear Jolla Team, I found out today that a Jolla Phone which is connected via USB gives complete access to the folder Sailfish\Phone Memory.config\signond. Within this folder lie 2 SQLite databases. Both can be opened with a standard SQLite manager like, for example, the Firefox extension https://code.google.com/p/sqlite-manager/. In both cases the databases can be accessed without knowing any password. Inside I found my e-mail password readable in clear text.
I think this is a security risk since connecting a phone to the wrong computer could give a script a chance to copy these DBs directly, giving away my credentials for 3rd party accounts.
I know that this is not so likely to happen but the fact that one can simply access these files via Windows Explorer could give even other possibilities to read these files.
I think two steps should be performed: set a user password for the SQLite DBs and/or encrypt the password. Even if both methods can be broken by brute force, it will at least raise the effort needed to use the information.
Greetings
2 | No.2 Revision |
Dear Jolla Team, I found out today that a Jolla Phone which is connected via USB gives complete access to the folder Sailfish\Phone Memory.config\signond. Within this folder lie 2 SQLite databases. Both can be opened with a standard SQLite manager like, for example, the Firefox extension https://code.google.com/p/sqlite-manager/. In both cases the databases can be accessed without knowing any password. Inside I found my e-mail password readable in clear text.
I think this is a security risk since connecting a phone to the wrong computer could give a script a chance to copy these DBs directly, giving away my credentials for 3rd party accounts.
I know that this is not so likely to happen but the fact that one can simply access these files via Windows Explorer could give even other possibilities to read these files.
I think two steps should be performed: set a user password for the SQLite DBs and/or encrypt the password. Even if both methods can be broken by brute force, it will at least raise the effort needed to use the information.
Greetings
3 | No.3 Revision |
Dear Jolla Team, I found out today that a Jolla Phone which is connected via USB gives complete access to the folder Sailfish\Phone Memory.config\signond. Within this folder lie 2 SQLite databases. Both can be opened with a standard SQLite manager like, for example, the Firefox extension https://code.google.com/p/sqlite-manager/. In both cases the databases can be accessed without knowing any password. Inside I found my e-mail password readable in clear text.
I think this is a security risk since connecting a phone to the wrong computer could give a script a chance to copy these DBs directly, giving away my credentials for 3rd party accounts.
I know that this is not so likely to happen but the fact that one can simply access these files via Windows Explorer could give even other possibilities to read these files.
I think two steps should be performed: set a user password for the SQLite DBs and/or encrypt the password. Even if both methods can be broken by brute force, it will at least raise the effort needed to use the information.
Greetings
4 | No.4 Revision |
Dear Jolla Team, I found out today that a Jolla Phone which is connected via USB gives complete access to the folder Sailfish\Phone Memory.config\signond. Within this folder lie 2 SQLite databases. Both can be opened with a standard SQLite manager like, for example, the Firefox extension https://code.google.com/p/sqlite-manager/. In both cases the databases can be accessed without knowing any password. Inside I found my e-mail password readable in clear text.
I think this is a security risk since connecting a phone to the wrong computer could give a script a chance to copy these DBs directly, giving away my credentials for 3rd party accounts.
I know that this is not so likely to happen but the fact that one can simply access these files via Windows Explorer could give even other possibilities to read these files.
I think two steps should be performed: set a user password for the SQLite DBs and/or encrypt the password. Even if both methods can be broken by brute force, it will at least raise the effort needed to use the information.
Greetings
7 | No.7 Revision |
Dear Jolla Team, I found out today that a Jolla Phone which is connected via USB gives complete access to the folder Sailfish\Phone Memory.config\signond. Within this folder lie 2 SQLite databases. Both can be opened with a standard SQLite manager like, for example, the Firefox extension https://code.google.com/p/sqlite-manager/. In both cases the databases can be accessed without knowing any password. Inside I found my e-mail password readable in clear text.
I think this is a security risk since connecting a phone to the wrong computer could give a script a chance to copy these DBs directly, giving away my credentials for 3rd party accounts.
I know that this is not so likely to happen but the fact that one can simply access these files via Windows Explorer could give even other possibilities to read these files.
I think two steps should be performed: set a user password for the SQLite DBs and/or encrypt the password. Even if both methods can be broken by brute force, it will at least raise the effort needed to use the information.
Greetings
Edit jgr 2014-04-16: To see how easy it is for anyone to steal your credentials (e.g. mail address + password), see my answer below. You only have to visit the wrong web site.
11 | No.11 Revision |
Dear Jolla Team, I found out today that a Jolla Phone which is connected via USB gives complete access to the folder Sailfish\Phone Memory.config\signond. Within this folder lie 2 SQLite databases. Both can be opened with a standard SQLite manager like, for example, the Firefox extension https://code.google.com/p/sqlite-manager/. In both cases the databases can be accessed without knowing any password. Inside I found my e-mail password readable in clear text.
I think this is a security risk since connecting a phone to the wrong computer could give a script a chance to copy these DBs directly, giving away my credentials for 3rd party accounts.
I know that this is not so likely to happen but the fact that one can simply access these files via Windows Explorer could give even other possibilities to read these files.
I think two steps should be performed: set a user password for the SQLite DBs and/or encrypt the password. Even if both methods can be broken by brute force, it will at least raise the effort needed to use the information.
Greetings
13 | No.13 Revision |
Dear Jolla Team, I found out today that a Jolla Phone which is connected via USB gives complete access to the folder Sailfish\Phone Memory.config\signond. Within this folder lie 2 SQLite databases. Both can be opened with a standard SQLite manager like, for example, the Firefox extension https://code.google.com/p/sqlite-manager/. In both cases the databases can be accessed without knowing any password. Inside I found my e-mail password readable in clear text.
I think this is a security risk since connecting a phone to the wrong computer could give a script a chance to copy these DBs directly, giving away my credentials for 3rd party accounts.
I know that this is not so likely to happen but the fact that one can simply access these files via Windows Explorer could give even other possibilities to read these files.
I think two steps should be performed: set a user password for the SQLite DBs and/or encrypt the password. Even if both methods can be broken by brute force, it will at least raise the effort needed to use the information.
Greetings
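An audit for the condition reported above, added here as an example and not part of the original post or of Jolla's code: it flags SQLite columns with secret-like names whose values are stored as readable text, and reports counts only, never the stored values. The table and column names and the sample rows are constructed assumptions, not the real signond schema.

```python
import re
import sqlite3

# Column names that suggest a stored secret (assumed naming, adjust per schema).
SECRET_NAME = re.compile(r"pass(word|wd)?|secret|token", re.IGNORECASE)

def looks_plaintext(value):
    """True for a non-empty value that decodes to printable text."""
    if isinstance(value, bytes):
        try:
            value = value.decode("utf-8")
        except UnicodeDecodeError:
            return False  # opaque bytes: likely ciphertext or a key blob
    return isinstance(value, str) and value != "" and value.isprintable()

def audit_sqlite(conn):
    """Return [(table, column, plaintext_rows, total_rows)] for secret-like columns."""
    findings = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master "
        "WHERE type='table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        qt = '"' + table.replace('"', '""') + '"'   # quote the identifier
        for col in conn.execute(f"PRAGMA table_info({qt})"):
            name = col[1]
            if not SECRET_NAME.search(name):
                continue
            qc = '"' + name.replace('"', '""') + '"'
            values = [r[0] for r in conn.execute(
                f"SELECT {qc} FROM {qt} WHERE {qc} IS NOT NULL")]
            plain = sum(looks_plaintext(v) for v in values)
            if plain:
                findings.append((table, name, plain, len(values)))
    return findings

def build_sample():
    """Constructed in-memory database; schema and rows are made up."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE credentials "
                 "(id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.execute("CREATE TABLE vault (id INTEGER PRIMARY KEY, secret BLOB)")
    conn.execute("INSERT INTO credentials VALUES "
                 "(1, 'user@example.org', 'constructed-sample-pw')")
    conn.execute("INSERT INTO vault VALUES (1, ?)",
                 (bytes([0x9F, 0xE2, 0x01, 0xFF, 0x80, 0x13]),))
    return conn

if __name__ == "__main__":
    for table, column, plain, total in audit_sqlite(build_sample()):
        print(f"{table}.{column}: {plain}/{total} values stored as readable text")
```

The printable-text test is a heuristic: ciphertext stored as base64 or hex would also be flagged, so a finding means "inspect this column", not proof of plaintext storage.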