Verizon Motorola Droid 2 and Droid X security flaw discovered
Both Droids allow the execution of Google voice actions on the phone even if it is locked with a password or code. With the device so locked, and the passcode prompt visible on the screen, holding down the Search softkey (for both phones) or the keyboard Search key (for the Droid 2) for 4 seconds will trigger Google’s voice actions. Thus then speaking to the device will result in an action. Saying “Call Home” will do just that (provided you have “Home” in the address book), even if your device was supposed to be locked.
This looks like it’s an issue specific to Motorola and/or Motoblur, since it hasn’t been replicated on smartphones from other manufacturers.
Here’s a video showing exactly what is going on:
This flaw is obviously problematic in that it still allows certain actions to be taken when the phone should be fully locked down from use by strangers. Motorola hasn’t yet commented, but they probably will soon.