iOS 7 Lock Screen Bug Leaves Certain Apps Vulnerable For Access

MojoKid writes "News of a proven security vulnerability involving Apple iOS 7 has started making the rounds. The exploit specifically involves the lockscreen, the most common piece of security that stops an unauthorized individual from gaining access to anything important on your phone. The 'hack,' if you want to call it that, is simple: Swipe up on the lock screen to enter the control center, and then open the alarm clock. From there, hold the phone's sleep button to bring up a prompt that will ask you if you wish to shut down, but instead of doing that, hit the cancel option, and then tap the home button to access the phone's multi-tasking screen. With access to this multi-tasking screen, anyone could try opening up what you've already had open on your phone. If you had Twitter open, for example, this person might be able to pick up where you left off and post on your behalf. Or, they could access the camera — and of course, every single photo stored on the phone." The new iPhone models were released today; iFixit has a teardown of the iPhone 5s, giving it a repairability score of 6/10.

Protect your iPhone with a host file

In loving memory of apk.

Re:Protect your iPhone with a host file

[K.+S.+Kyosuke]

Bah. APK protection works much better on Android, not on iOS.

Re:Protect your iPhone with a host file

APK died? Or was institutionalized?

Re:Protect your iPhone with a host file

[noh8rz10]

Not the host file, the HOSTS file!! $10,000 challenge!

Re:Protect your iPhone with a host file

Either is fine, as long as it's permanent.

Re:Protect your iPhone with a host file

It's not fine if you idiots continue mentioning him, it's still pointless spam.

With the NSA storing your every move

[Mister+Liberty]

this is the least of your worries.

Re:With the NSA storing your every move

[Sockatume]

You know, because that applies to every security story and adds no specific value to any of them, you just have to say it once and then stop.

Re:With the NSA storing your every move

[MightyYar]

It is annoying. This overreach is even one of my pet causes, but this spam makes people who think it is dangerous look bad.

Re:With the NSA storing your every move

[Sockatume]

My chief complaint is that it's an either-or proposition which makes it seem like we should just disregard all other security failures just because we're operating under a single massive one.

Re:With the NSA storing your every move

[MightyYar]

Yes, they can't really believe that - they are just trying to inject their pet cause everywhere... as if Slashdotters aren't aware already. It's like the Bush trolls from a few years back.

Re:With the NSA storing your every move

With the NSA storing your every move

Wrong.

The iphone stores your every move, sends the data to Apple, then Apple hands it over to the NSA.

Reminds me of this Windows gif

[mystikkman]

Windows login gif.

http://i.imgur.com/fqjnK.gif

Re:Reminds me of this Windows gif

Sad sign when I see the same top comments on Reddit show up on the Slashdot version of the article 7 hours later.

Re:Reminds me of this Windows gif

Be honest. Everyone here probably spends more time on reddit.

Re:Reminds me of this Windows gif

"le monkey face"..? no.

Re:Reminds me of this Windows gif

[__aasehi2499]

I've never been to reddit, is that bad?

Re:Reminds me of this Windows gif

[Bogtha]

That's a bit complicated isn't it? I know in a lot of versions, you could just hit escape and you'd be dumped onto the desktop.

Re:Reminds me of this Windows gif

Turn in your geek card.

Re:Reminds me of this Windows gif

[93+Escort+Wagon]

Turn in your geek card.

No, it just means he's at least 25 years old.

Re:Reminds me of this Windows gif

[mlts]

I remember this hole on one major UNIX in the '90s (company is now gone), if you had access to its xdm login via local access or XDMCP. The username window will pop up a help box, with an option to redirect the output of a lpr command.

So, a simple, "| xterm" typed in got you a root shell immediately.

This was patched in the next minor rev, but it was a fairly gaping hole at the time.

Re:Reminds me of this Windows gif

[tlhIngan]

The problem was the Windows 9x dialog was not for logging in, but for entering your network credentials so you can access network resources.

Clicking cancel merely meant you couldn't access a network fileshare without rebooting and re-entering the credentials there.

I think it took until XP before you could actually log into a fileserver using alternative credentials...

Alas, the dialog was so poorly worded that many people thought you could use it to password protect your PC, but no. It just set your network credentials.

Re:Reminds me of this Windows gif

[cyberchondriac]

Agreed.. . I was on Reddit once or twice.. does nothing for me.

Re:Reminds me of this Windows gif

Oh yeah, we did that at school (they used Novell's security/networking solution, so it was _slightly_ different) all the time. Also the only way to directly get to C:, which we occasionally had to do.

Could not replicate (as many others can't)

[Kaleidoscopio]

I'm using IOS 7.0 (11A465) on a iPhone 4S.
I've tried to do the hack for half an hour and the phone will never bypass the lock.
There was also a rumor about taking a picture then sharing it thus accessing your contacts, but then again that is not true. The phone will not allow you to share or send a picture until it's lock has been removed.
People are getting this truly out of proportion, why do they care so much about the locking ability of a phone?
If I was a thief and I really wanted your data/phone, I would just start breaking your fingers until you gave it all.
If you are truly the paranoid kind, why do you keep a smartphone in the first place?

Re:Could not replicate (as many others can't)

[Bill_the_Engineer]

Because those of us who value privacy would like our phones to remain locked until we unlock it ourselves. I'd hate to have my email accounts and photos read or copied simply because I misplaced my phone and someone else found it.

Re:Could not replicate (as many others can't)

[Sockatume]

No luck on the iPhone 4 either. I wonder if there's some configurational wrinkle that's missing.

Re:Could not replicate (as many others can't)

[thisisnotreal]

It is disappointing, but true.
Phone security will never be, and we should acknowledge it then.
I guess...that's the thinking.
Then the question is just how insecure are we okay with?

Re:Could not replicate (as many others can't)

Works for me on a regular 4. You cannot launch new apps but previoulsy opened apps that are running are accessible.

Re:Could not replicate (as many others can't)

[SROL]

I was able to replicate it on the iPhone 4s.
On my first try the programs showed up for half a second then it went back to the lock screen. The second try it worked just fine but when I tried to open the "desktop" (I'm new to the phone so I don't know the right word) it locked again.

Re:Could not replicate (as many others can't)

I tried this on my 4s and found it was difficult but not impossible to reproduce. I watched the video on the linked article and I noticed the trick is to double tap the home button very quickly after pressing cancel. I think you're accessing the multitasking menu while the animation is taking place in between canceling and it going back to the clock, so the window is tiny. I was only able to reproduce it about 10% of the time.

Re:Could not replicate (as many others can't)

I was able to replicate it on my phone and my coworker's phone. I was also able to email a photo I had taken yesterday, without unlocking the iPhone, to someone else. Ultimately, my coworkers and I decided to Disable the Control Center function on the lock screen until the OS is patched.

I was able to unlock an iPhone 4s and iPad Mini both with iOS 7.0 and a coworker did an iPad 2.

You have to be quick between the Cancel and double tap of the home button. Not all the apps are impacted (I only found the Camera app to be impacted and none of the other apps I use would respond to attempts to access via this method).

What we found is, if the camera app isn't opened (you've specifically terminated the app while the device was unlocked), you can open the camera while it is locked, do the steps for the bug, and gain access to the photos that should be protected. Once you get to those photos, you can email them out under the users email account (as long as it doesn't require a password to email them out). You might be able to tweet or FB them but I didn't go that far.

I'd post under my registered id but I'm too lazy to get the password for my ./ account reset.

So, whether you can repeat it or not, I would recommend disabling the Control Center function on the lock screen because there are some of us out here who can do it if we get your phone and they probably won't be a nice as I am and not take all yer photos. Stay safe, keep your iOS device on you and out of other people's hands, and disable the control center on lock screen until a patch is ready.

Re:Could not replicate (as many others can't)

iOS 7 on iPhone 5:

Swipe up, clock app, sleep button, cancel out of the power off dialog, hit the home button twice. Yes, one can swipe and see what apps were once run, but it will ignore any taps on other apps, and if one taps on the Springboard icon, it will drop back to the lock screen.

Yes, this is a bug, and hopefully 7.0.1 will fix it, but it doesn't allow anyone off the street to get to your contacts and such.

Re:Could not replicate (as many others can't)

[ArcadeMan]

I also cannot replicate the problem with iOS 7.0 (11A465) on my iPhone 3GS.

Re:Could not replicate (as many others can't)

[cellocgw]

itsatrap

You can't bypass the lock, but you did activate the hidden Trojan that now will send all your BitCoins to the guys who posted this phony (pun intended) hack.

Re:Could not replicate (as many others can't)

[thoromyr]

There is a bug, but it is not what most would consider a lock screen bypass. iOS7 has a new task switcher and you can access this, but it has reduced privileges meaning you can't access any app that you couldn't from the lock screen. And even then it isn't reliable (very likely due to it being the result of a bug).

What it *does* do is leak information about what is installed on the phone, and badges for installed apps (e.g., number of unread emails). But only if those applications are running. Doing a fresh upgrade from 6 to 7 somehow resulted in every application being listed by the task switcher -- its as if they were all started by iOS. You can remove the apps from the task switcher (killing inactive applications).

So, yes, there is a bug. No, it isn't a lock screen bypass. Other than some information leakage ("active" apps) there is no access that did not occur from the lock screen itself.

Re:Could not replicate (as many others can't)

[thoromyr]

Exploring this further, it appears that someone doing this casually may think they have a lock screen bypass because they go through the steps and get full access to any application. The key here is the behavior of locking the phone: is the passcode immediately required or not? If testing this you have to either set that to immediately or wait long enough to ensure it isn't still just "swipe to unlock".

On another note, some combination of factors resulted in no access to the quick swipe apps. Could still swipe to get the camera from its separate point

Re:Could not replicate (as many others can't)

[93+Escort+Wagon]

Works for me on a regular 4. You cannot launch new apps but previoulsy opened apps that are running are accessible.

When I tried it (on an iPhone 5), it does seem - as in the demo video - the apps have to have been opened very recently.

This seems to be related to how iOS 7 handles multitasking. I wonder if disabling background updating of apps would fix it? Later yesterday (after I played around trying to replicate this bug) I disabled background updating, mainly to try to address the poor battery life suckage iOS 7 seems to have introduced on my phone...

Re:Could not replicate (as many others can't)

[rsborg]

I also cannot replicate the problem with iOS 7.0 (11A465) on my iPhone 3GS.

If you don't mind me asking - how'd you get that installed - isn't iOS7 not supposed to be compatible for 3GS.

Re:Could not replicate (as many others can't)

[denmarkw00t]

I tried a good 10 times on my 4 before I got it to work - it's not mentioned and an easy bit to miss in the video: as soon as you tap close you have to do the double-tap on the home button and hold the second tap a little longer than a second maybe. The key though is to do this AS SOON as you hit "Cancel." How this person ever came across the flaw is beyond me, but good poking. Someone should hire her for a QA team.

Re: Could not replicate (as many others can't)

[DigiShaman]

Settings --> General --> Accessibility --> Reduce Motion -- turn on

The novalty wears off the first day or so, that and I don't like my wallpaper stretched causing them to blur (pixels no longer 1:1 ratio).

Re:Could not replicate (as many others can't)

Yes, it is a lock screen bypass..but only for certain, and running functions. Take your boyfriend/girlfriend's locked iPhone that they never let you use and check out their pictures or Tweet a few...see if bypass is the right word. ;-) Full functional bypass? No, but bypass the lock to ruin someone's day, or reputation if you prefer to take a pics of your own to Tweet or FB...just reminds of old game console days. Up, up, left ,left, right, right, down - God Mode!

Re: Could not replicate (as many others can't)

[93+Escort+Wagon]

Yeah, I went looking that setting pretty quickly because you're absolutely right - it went from "interesting" to "meh" to "how the heck do I disable that?" over the course of a couple hours.

It perhaps works better with their own wallpapers, but I use my own photos and it got annoying pretty quick.

Re:Could not replicate (as many others can't)

[ArcadeMan]

Woosh.

Re:Could not replicate (as many others can't)

[cellocgw]

OK so that was a lame joke, but what morons tagged it "flamebait"? "boring" I could understand.

iOS vulnerability

I just tried this on my phone and yes you could see the multitask but you couldn't do anything except go back to the alarm clock or lock screen as far as i could tell

Re:iOS vulnerability

[Joce640k]

Summary says you have to have applications open.

Re:iOS vulnerability

[Sockatume]

It's iOS. Nothing is open ten seconds after the phone is locked.

Re:iOS vulnerability

Score: -1 Factually Incorrect

Re:iOS vulnerability

[Sockatume]

Ten seconds is the time limit given for an app to finish its business if it ceases to be in the foreground or the phone screen is locked. I don't think background services or the brief window in which a compatible app is restarted for Background App Refresh really count.

Re:iOS vulnerability

Being active on the CPU, and being running are two entirely different things. Applications remain resident in memory, and running, just not scheduled in. The only way they close is if they are jettisoned for using too much memory, which becomes more likely when they're backgrounded, but far from guaranteed.

I thought Tim Crook was doubling down on security?

Guess he should have doubled up instead!

Can't replicate

[jamie]

I can't replicate it either. The YouTube video claims I double-tap the home button but the second tap is slightly longer? By the end of the first tap it's already bringing me back to the lock screen, i.e. by the time I'm pressing down for the second tap, I'm already being taken back to the lock screen. iPhone 5, updated last night to 7.0 (11A465).

Re:Can't replicate

you must be quite fast between cancel and double tap

Re:Can't replicate

you must be quite fast between cancel and double tap

Jamie prolly lasts that long in bed w. Cmd. Taco.

Re:Can't replicate

Got It!,

but on my iphone 5 I can do nothing with it. I can see what apps are open. I cannot see their content and I cannot open any of them, and if if I play around in there too long it goes back to the lock screen.

I don't know if there is anything to see there.

Re:Can't replicate

[asylumx]

Just tried this with a co-worker's iphone and yes, if the camera was running you can access all of their previous pictures. Couldn't get it to load their contacts, though.

Re:Can't replicate

[Like2Byte]

I was able to replicate this with caveats.

I was able to replicate this WITHOUT having the 'Passcode Lock' enabled.

I was UNABLE to replicate this WITH 'Passcode Lock' enabled.

I've now restarted an iPad Mini and am STILL UNABLE to replicate with the 'Passcode Lock' enabled.

I'm not sure what the problem with this feature is. Sure, they've 'bypassed' the swipe to unlock screen; but, the user has specifically poked and prodded this iPad Mini in what, I assume, is an extremely unlikely situation. By itself I'm not so sure this is such a major problem. If it had gotten around the 'Passcode Lock' then yeah; but, it doesn't seem to.

Re:Can't replicate

[Like2Byte]

KABOOM! I read some of the other posts. You DO have to double-tap the home button in really fast succession.

So, scratch my previous post.

I was able to replicate this WITHOUT having the 'Passcode Lock' enabled with a single home button tap.

I was also ABLE to replicate this WITH 'Passcode Lock' enabled with a double-tap of the home button. However, I was unable to access any of the open applications from the multi-tasking screen.

Re:Can't replicate

Same here, I could not access apps but I could access camera and all pictures...

Re:Can't replicate

[ageoffri]

I was able to access contacts indirectly. Go into the gallery and share a picture and use messaging. At this point hit the + sign in the upper right. You are then in Contacts. You can view names and phone numbers. I wasn't able to figure out a way to edit contacts or get more details.

Re:Can't replicate

I had success followed those instructions. I could see all the email addresses by sharing the photo via email and typing @ for the email address.

I could also post to twitter and facebook, delete pictures, edit the photos, make new photo streams etc..

Re:Can't replicate

[asylumx]

Yes, I was also able to replicate using the same technique. BTW My coworker knows I'm doing this, I'm not just hacking his phone without him knowing :)

Re:Can't replicate

[BVis]

My (admittedly fairly unscientific) testing seems to indicate that if you have your passcode lock set to lock immediately, you can see what apps are running, but you cannot open any of them. If you set your passcode lock to lock after 5 minutes, you can access the applications... but you could just swipe from the "lock" screen to do the same thing.

As far as I can tell, this "bug" is bullshit. The worst that happens is that someone sees what apps you were running, the screens are greyed out if you "exploit" this successfully.

Try again, Apple haters.

Re:Can't replicate

I managed to get to the multi task screen, but none of the apps can be selected. You can click on it, but nothing happens, and the apps's last shown image is a transparent gray.

Re:Can't replicate

I was able to send an e-mail by going thru the camera as you did. Instead of the alarm clock, I used the calculator initially.

After sending the email, tried to double tap to see if I'd now have access to all the other apps, but it brought the locked screen back again.

Re:Can't replicate

[Like2Byte]

Ah, cool. Good to know! Thanks for the update. I hadn't considered the immediacy of the locking mechanism.

As far as I can tell, this "bug" is bullshit. The worst that happens is that someone sees what apps you were running, the screens are greyed out if you "exploit" this successfully.

Try again, Apple haters.

Agreed! I thought about this while driving. Haters gotta hate. :P

iFixit

[Sockatume]

From iFixit's teardown:

We are currently involved in heavy lobbying to our product designers to create 14k gold replacement screws. They'll be $50 each and strip the first time you try to unscrew them, so they will be perfect for the iPhone. Stay posted.

Ha ha ha.

Re:iFixit

[AmiMoJo]

From the same teardown:

Perhaps the "s" in 5s stands for "stuck," as in "this battery is stuck in with a lot of glue," or "I hope you didn't want to replace your batteryâ"you're going to be stuck with this one."

They just couldn't resist, could they?

iPhone 4 cannot replicate

see subject

iPhone 4 cannot replicate

No joy.

Oh...

[Pooya_M]

So...It has come to this

This sounds vaguely familiar

[Valgar]

Not quite the same, but this sounds somewhat like the old iPad smart-cover bypass trick from a couple years ago.

http://www.theguardian.com/technology/blog/2011/oct/26/ipad-lock-bypass-ios5-cover

Easily avoided

[Mendenhall]

As soon as I did the iOS7 update, I noticed that you could access the camera from the lock screen, and I didn't want someone taking inappropriate pictures on my iPad if they stole it. There is an option in the settings which controls what features are available from the lock screen. If you turn off the Control Panel access from the lock screen, and everything else, this goes away.

So, it's annoying but not fatal as a security issue. I can't imagine anyone wanting to have the device open for the camera when it is locked. I do wish the options were flexible enough that one could still adjust audio settings with it locked.

Re:Easily avoided

[Culture20]

There are plenty of people who want an instant camera instead of fumbling with passcodes and opening the camera app for 30 seconds.

Re:Easily avoided

[joh]

As soon as I did the iOS7 update, I noticed that you could access the camera from the lock screen, and I didn't want someone taking inappropriate pictures on my iPad if they stole it.

You could access the camera from the lock screen from iOS 5 on.

Re:Easily avoided

As soon as I did the iOS7 update, I noticed that you could access the camera from the lock screen

It was already there is the previous iOS6 update.

Sheesh... don't people actually look at their phones anymore?

Re:Easily avoided

[Sockatume]

You could access the camera from the lock screen on the iPhones for a while, is this new to the iPad?

Re:Easily avoided

[parkinglot777]

As soon as I did the iOS7 update, I noticed that you could access the camera from the lock screen

That feature has been included even before iOS7. I could already access the camera in my phone (4S) with only iOS5.x by turning the lock screen on and then swipe the camera icon upward to open the camera functionality. I could also access all pictures taken from this session of the camera as well. However, I cannot access any other pictures taken outside of the session. In other words, other pictures that are already in the photo gallery before turning the camera functionality on from the locked screen are inaccessible unless I unlock the phone. This is NOT a NEW feature.

Re:Easily avoided

If you turn off the Control Panel access from the lock screen, ...

So, it's locked, except that you can immediately change the phone settings without bothering to unlock it?

That's like letting people set a new password for an account before asking them to log in.

Please tell me I'm reading this wrong and that there is actually someone at Apple with more mental capability than a toddler.

Re:Easily avoided

[jellomizer]

"I can't imagine anyone wanting to have the device open for the camera when it is locked."

Well some people want to take pictures right away, before having to type in a password to get to it. Taking inappropriate pictures on your phone/ipad is easily deleted once the damage is done. This was on iOS 6 too.

Re:Easily avoided

[Somebody+Is+Using+My]

You could access the camera from the lock screen on the iPhones for a while, is this new to the iPad?

Yes, it is new to the iPad.

The iPhones (and the forgotten stepchild of the line, the iTouch) had a camera button on the lock screen, but - on IOS6 and below - you did not have this feature on the Ipad.

On the other hand, you did get the stunningly useless "picture frame" button on the iPad lock screen. You know, for those times the battery wasn't draining fast enough on its own. That's disappeared with iOS7

The camera icon on the lock page is new to the iPad. I guess Apple didn't actually expect people to regularly use the iPad as a camera as it's a bit bulky for that purpose; still, I see folk doing it all the time so I suppose it's a needed addition.

IOS7 has some very nice features (I particularly like the new multitasking system and the control center). I just wish they'd let people create their own themes so I wouldn't have to use those horrible new icons. Aside from the terrible color scheme, legibility and recognition are shot to hell with this update...

Re:Easily avoided

[ozbon]

You could access camera from lock screen in iOS6 too - it's not a new feature.

Re:Easily avoided

[tlhIngan]

I noticed that you could access the camera from the lock screen

While it's elegantly done on iOS (swipe up to activate camera versus right when unlocking), on Android, this one feature (introduced in Jellybean 4.2) is probably implemented in the most asinine fashion.

In 4.2, they turned the lock screen into another home screen with limited privileges, so they added pages to the left and right of the lock (left page(s) - user defined widgets, right page - camera). The problem is if you're using the swipe code and start the swipe on the sides, you can easily go "too far" to the left and right and end up changing the lock screen page instead of unlocking the phone. Most annoying. There are fixes to it (there's an app that disables widgets and camera auto-activation this way), but it's a huge PITA as 4.2 makes the unlocking area much smaller.

Of all the iOS features Android could've taken, they take and implement poorly the camera on the lock screen

Already fixed today

[wimmi]

It's supposed to be fixed in 7.01 which should be available today..
Or so I've read from various sources.

Re:Already fixed today

[Sockatume]

Apple have acknowledged the issue and that they intend to fix it, however 7.0.1 is a bug fix release for the 5C and 5S to make up for the fact that their builds are older. (They had to be finished in time to get the phones into boxes and shipped to stores.) I would be surprised if 7.0.1 did anything but bring those two handsets up to date, this bug included.

Yes, it invoked the multitasking screen but...

[dadman]

nothing except the following leaked:
1. The home screen and its icons
2. The app history

Nothing about the content of the app is available on the multitask screens, not even the titles.

" If you had Twitter open, for example, this person might be able to pick up where you left off and post on your behalf. Or, they could access the camera — and of course, every single photo stored on the phone." -- Speculations, and speculations, and more speculations, but definitely not true!

Security issue? Yes. Serious? So so. Disastrous? Not.

Re:Yes, it invoked the multitasking screen but...

If the app in question is a banking app, that is potentially disastrous to an individual.

I just got off the phone with a relatively large regional bank, trying to explain to their technical people why it's NOT OK that the new multitask browser provides an unprotected preview of my last banking session. They seemed to think that it was OK, and I hope the escalation finds the right people.

Re:Yes, it invoked the multitasking screen but...

[mlts]

Ideally, any banking app should have the option to set a PIN code or a password, and after 5-10 wrong guesses, either start adding an exponential delay, purge itself (if there is no critical data just stored with the app) or demand the banking username and password. That way, one's data is protected unless the phone gets compromised when the app is inuse.

There is also an API for storing data in a protected subdirectory as well, so when the device is locked, the stored files are inaccessible. That way, if the app gets switched to, no data will be usable.

Re:Yes, it invoked the multitasking screen but...

[dadman]

"the new multitask browser provides an unprotected preview of my last banking session." -- was this really what you've seen on the iOS 7.0? Mine one didn't show anything...

Re:Yes, it invoked the multitasking screen but...

[dadman]

Apparently, I could not see anything in the camera roll either, on the iOS 7.0. Are you really sure that this is the case as you have described??

Re:Yes, it invoked the multitasking screen but...

[dadman]

Prove it to everyone that this is a troll.

Can't Reproduce

[Sylak]

I can't reproduce this. Is is possible it's specific just to the iPhone 5/s/c?

Re: Can't Reproduce

Works on the latest iPad. I was able to view photos through multitasking (camera app was open before lock). Other open apps visible, but greyed out and inaccessible.

Re: Can't Reproduce

In addition, it apparently can only be done once per initial lock. After accessing camera roll, exiting and then going back to lock screen, the bug would not repeat. after unlocking and locking again it would.

Re:Can't Reproduce

[mkraft]

It took me a few tries, but I reproduced it on my iPhone 4S. Make sure to do exactly what the video does, including going into the camera before going into the Clock app.

Unimpressed.

[MaWeiTao]

I spent most of yesterday evening tinkering with iOS 7 on my iPad. I've got to say, much of it feels like amateur hour, like a bunch of students got together to create a redesign of iOS. I can't tell if they put an inexperienced team on the job, if managers with no proper UX experienced were meddling, or they outsourced the bulk of the work. But as a creative director I would have rejected much of what I was seeing and I can't imagine that Steve Jobs would have approved this release.

Apple, a company supposedly reputed for being a stickler about the details, sure overlooked a lot of things here. So that there's a vulnerability isn't really shocking at this point.

Re:Unimpressed.

Your post contains no insights and no information whatsoever. You are ranting about your personal feelings, without substantiating anything or even describing your observations about the OS.

I spent most of yesterday evening tinkering with iOS 7 on my iPad. I've got to say, much of it feels like a work of art, like a bunch of UX geniuses got together to create a redesign of iOS. I can't tell if they put their most talented and experienced team on the job, if managers with overwhelming UX experience and a vision were leading the team, or they outsourced the bulk of the work to UX gods. But as a creative director I would have climaxed by just having a short glimpse of iOS7 and I can't imagine what God almighty Steve Jobs would have said during the keynote of such a masterpiece.

Re:Unimpressed.

Yes. I agree. It feels unfinished in lots of places and just plain bad in others. A lot of places are very difficult to read due to the razor thin fonts and symbols. There are many places where there is a razor thin font combined with a light grey color on a very white background. This translates to such a reduced contrast that I (and others that I've shown it to) find it difficult.

Everywhere there are menus with just a skinny font on white. Barren, boring and lifeless.

I gave it my best for a few days then thankfully downgraded to 6.1.3. Yes the skeumorphism is a bit overdone in this old version, but as much as 6.1.3 is to far in one direction, 7 is too far in the other.

Re:Unimpressed.

[MoneyT]

There are a number of UX issues with iOS 7 that I'm frankly quite surprised made it through testing or that anyone thought these were good ideas. Ignoring the theme itself (lower definition icons means less context, especially with hi res screens, that context would have been very usable it's the whole reason we do things like image previews for icons in modern OSes rather than generic jpg icons).

1) The "partial shift" no longer has a distinct visible mode on the keyboard. iOS has 4 modes for the shift button. 1: The button is off, everything is lowercase, 2: The button is on, the next letter or symbol is uppercase / shift symbol (? vs /), 3: The button is locked on, all letters are uppercase, but symbols are not shifted, 4: The button is partially on, the next letter is uppercase, but symbols will not be shifted. Mode 4 is the mode the button goes into at the beginning of a line or after a period. It was also previously distinguished by a blue highlight around the shift arrow rather than the arrow being filled in. Now there is no visual distinction between modes 4 and 2.

2) Minimalist button icons. For buttons that aren't text, the icons are very minimalist and without previous knowledge give little to no clue about what they do. For example the "share" button is now a simple box with an up arrow. The bookmarks icon in safari is a weird divided rectangle that if you squint just right you could argue looks like an open book.

3) The ".com" button is now hidden behind the "." key for web address entry making is non-discoverable except by accident.

4) Folders only display a 3x3 grid, even on iPads and do not remember your last position (nor does there appear to be an option for that).

5) When you first open the OS, it tells you that spotlight has moved and to now simply swipe down from any home screen. That's good, it's great that the search functionality is available anywhere. What it doesn't tell you is that you don't swipe down from the top (which gives you notification center. You instead swipe from another place on the screen.

6) The keyboard seems slower and less responsive. This may be just my iPad for some reason, but it appears that the keyboard sometimes hesitates on displaying and coming ready when displayed.

7) Videos have a "make full screen" button, but no longer have a "leave full screen" button that doesn't stop the video from playing. The "Done" button remains, but this stops the video. The only way to leave full screen without stopping the video is to pinch the screen.

None of these are show stoppers by any stretch of the imagination, but they are the sorts of "little things" that apple (and steve jobs in particular) are noted for fussing over. For making sure that those little experiences add up to be a better experience than the sum of their parts.

Re:Unimpressed.

[MoneyT]

There is an option to set the font to bold, which does dramatically improve the thin fonts (though some of the larger text, like the lock screen clock looks odd), it's under the accessibility settings. There's also an increase contrast option (which is distinct from the invert colors option) though I haven't found where that takes effect.

Different thing altogether...

[Thruen]

Couple quick things. Firstly, that feature was already there, odds are you had disabled it before and that setting was reset with the update. Also, you can't access any existing photos from there, it'll only let you browse the photos you've taken since opening the camera, and resets each time you lock the screen again. There are similar features on other phones, it's handy and not by itself a security risk. As for not imagining anyone wanting to have the device open for the camera when it's locked, I think you lack imagination, and possibly even basic sense. I take advantage of it most frequently when I'm traveling and wish to quickly snap a photo without having to type in my password, it often makes the difference between a photo of an animal grazing and one of their behind as they run into the woods.

It's worth noting that this feature doesn't seem related in the least to the security flaw discussed here, as the camera is meant to be quickly accessible in this way. This means the suggestion of turning off control panel access won't fix the security flaw, if that's what you had in mind.

Re:Different thing altogether...

[Mendenhall]

I know they are different things, but it was the camera access that got my attention. Disabling Control Panel access, I think, as I mentioned in the original post, avoids the issue. As far as I can tell, there is no way to get to anything on my iPad without unlocking.

The ad hominem about my lacking imagination and/or sense was not needed or polite.

Re:Different thing altogether...

[Thruen]

I'm not sure if I misunderstood you then or now, but if you understand the article is about something entirely different than the feature you describe then I'm not sure why you bothered to mention it, as it has nothing to do with the article. I'm not shocked you weren't able to reproduce the issue on your iPad, as it seems to be a problem specifically with the iPhone 5S, as described in the article, and there are reports around the web of being unable to reproduce it on other devices.

Also, it's amusing that you mention my ad hominem as unnecessary, when it was in response to your own, and you responded to it with another. Maybe you should run your own blog with comments disabled if you want to be able to post your opinion on the internet and have nobody respond to it. If you find a tame comment like that offensive, public forums are no the place for you.

Re:Different thing altogether...

[narcc]

Why is this so damn difficult for people to understand?

Both of you, stop it!

Re:Different thing altogether...

[R3d+M3rcury]

I take advantage of it most frequently when I'm traveling and wish to quickly snap a photo without having to type in my password [...]

But imagine if I didn't have to enter a password. Imagine if I had some sort of biometric type of system, like a fingerprint reader or facial recognition or something, that would let me unlock my phone without having to enter a password.

Nah. That's crazy talk...

Re:The iPhone 4 was my last iPhone. Going to switc

Btw: I am no native english speaker, so please pardon!

can't replicate

i can't replicate this when a passcode is enabled. and if a passcode is not enabled, why go through all those steps to get to the multitask screen when all you need to do is slide from left to right?

Re:The iPhone 4 was my last iPhone. Going to switc

Then don't buy an iPhone, thats the beauty of a free market don't buy what you don't want. I look at Android and go WOW too, wow as in terms of crapastically cheap looking and god awful UI, which is why I won't buy an android or another for my wife.

It's worse than I thought but easy to fix

If settings is one of the apps the user had open, you can preaty much own the phone.

You can also plug the hole by disabling the ability to open the control center from the lock screen.

Cemaco

No M7 processor?

[UnknowingFool]

This is strange that they couldn't find the M7. Either it is incorporated into the A7 or they missed it somehow. Given the functionality of the M7, it might very small compared to the A7. There appears to be some metal shielding next to the A7. It could be under there. Also the chip next to the Qualcomm WTR1605L isn't identified.

Re:No M7 processor?

[tlhIngan]

This is strange that they couldn't find the M7. Either it is incorporated into the A7 or they missed it somehow. Given the functionality of the M7, it might very small compared to the A7. There appears to be some metal shielding next to the A7. It could be under there. Also the chip next to the Qualcomm WTR1605L isn't identified.

Not really. It's probably part of the silicon that the A7 uses - modern ARM SoCs are full of processors besides the main ARM core - often many auxiliary processors exist. The M7 is probably just another block on the silicon.

In fact, it's not entirely surprising if you find a small ARM core is the only thing that boots when you apply power - the main big beefy cores are kept in reset and power down states. The little ARM core (ARM11 in some cases or a Cortex-M ARM microcontroller in other cases) boots up and is responsible for initializing the system and loading the next block of code up and preparing the main cores to boot it.

Heck, one SoC I worked on had 8 cores (for big.LITTLE), a Cortex-M core to boot and manage power, and a Cortex-R core for modem functionality.

It won't be out of place for Apple to put it on the came silicon. It would just be another programmable processor in a sea of them that makes up a modern SoC.

Re:No M7 processor?

[UnknowingFool]

From what I know about the A7, it is slightly larger than the A6 (die size). I didn't know whether they could fit it in the amount of space if it incorporated a M7 as well as the other changes. Yes, the A7 is on a 28nm instead of 32nm but I didn't think it would be enough.

Re:No M7 processor?

[UnknowingFool]

This conflicting report says that the M7 is from NXP and separate from the A7.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Camera access is the gateway

I've gotten this to work consistently and the key vulnerability here is through the camera. When you bring up the multitasking screen, most apps aren't accessible, but you can access the camera. Unlike the normal lock-screen camera access where you can shoot pictures but not see any photo history other than the shots you took during the current session, by accessing through this hack you can see the entire photo history. Also, you can access the "share" options for camera photos which means you can send emails from the phone, post to Twitter, Facebook, etc.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Turn off control centre

Turn off the control center from the lock screen. It's not bad practice anyway.

Will the discoverers get the 10k bounty?

[mark-t]

http://www.zdnet.com/hackers-crowdfund-bounty-to-hack-iphone-5s-fingerprint-scanner-on-istouchidhackedyet-com-7000020879

Why would they?

[InvisiBill]

http://www.zdnet.com/hackers-crowdfund-bounty-to-hack-iphone-5s-fingerprint-scanner-on-istouchidhackedyet-com-7000020879

I will pay the first person who successfully lifts a print off the iPhone 5s screen, reproduces it and unlocks the phone in < 5 tries $100.

Why would a lockscreen bug have anything to do with this fingerprint scanner bounty?

Re:Why would they?

[mark-t]

Doesn't this exploit bypass the fingerprint lockscreen?

Nope...

[superdave80]

Just tried it on my iPhone 4 several times. It never went past the locked screens. I even watched the video to be sure I was doing it right.

Re:Nope...

[superdave80]

Success! The timing of holding the home button seems to be very critical. I start double-clicking right as soon as I hit the CANCEL button, and hold the 2nd click for about three seconds before releasing. Even after my successful try, I still have trouble doing it consistently.

On a side note, nearly every app was still locked to me. I was able to get the camera and pics open, but that was it.

Re: The iPhone 4 was my last iPhone. Going to swit

Looks like Apple had copied said 'god awful gui'. It's called iOS 7 now.

Fingerprints

[phorm]

One of my friends raised an interesting question:

How can we be sure that the fingerprints stored on the device aren't being retrieved by various intelligence agencies?

Re:Fingerprints

[LordLimecat]

Because theyd be awful low-rez fingerprints?

Re:Fingerprints

[BasilBrush]

If you want to go full on paranoid, that everything you are told might be a lie, they might be. But why ask the question here. We might be lying.

If however you're interested in the technology, an image of the fingerprint isn't stored anywhere. The fingerprint scanner creates a hash, and that is stored in a dedicated secure area in the CPU, salted with a UID from the phone. It's not possible to recreate an actual print from the hash, even if the hash were accessible from software, which it's not.

There's certainly not an image file of your finger print stored on your phone that spyware could upload.

If you're interesting enough for intelligence agencies to want your fingerprint, they'll come and get one off a glass or door handle you've just touched.

Re:Fingerprints

[phorm]

I can see how you can store a hash of a strict item, but wouldn't a fingerprint have enough "fuzzy" difference between inputs in it that making a hash wouldn't work?

Re:Fingerprints

[BasilBrush]

Obviously Apple aren't giving full information about how it works. But the hashing part has been mentioned in several places.

This is the best source of information I found. It includes both what Apple have revealed, together with some informed speculation.

http://www.techhive.com/article/2048514/the-iphone-5s-fingerprint-reader-what-you-need-to-know.html

Actually the most interesting part is that the scanner takes a capacitative rather than optical image. Which explains why the lens isn't transparent (to visible light) and why it's not going to be fooled by photos and photocopies of fingerprints.

It also means that even if someone did get access to the image (which seems impossible), it wouldn't match up with optical fingerprints they might have from elsewhere.

Re:Fingerprints

[phorm]

Thanks for the link, it's rather informative.
I wonder if this reader will be susceptible to dry-finger issues common to touchscreens? Generally an uncovered screen is better, but with a protective film (likely not needed on the fingerprinter reader) dry fingers tend to work poorly. On really dry days, even the straight screen can be a little dicey.

Too much access

[hobarrera]

Swipe up on the lock screen to enter the control center, and then open the alarm clock

Isn't granting access to unauthorized users to the control centre enough of a security hole? Opening the alarm clock? WTF?
This reminds me of OS X, which leaves media keys enabled when the screen is locked - effectively giving access to any audio you may have queued to bystanders.

Lockscreens should just validate password, nothing else.

Word Processor and Reader for Microsoft Office.

[mustafawi]

Word Processor and Reader for Microsoft Office. By Irfan Farooqi IPhone and IPad Lightweight office work on the go Backup of documents Quick access to Documents, Spread sheets, Presentations, notes and memos word processing Pocket Spreadsheet Pocket Presentation Download : https://itunes.apple.com/us/app/documents-word-processor-reader/id642314248?mt=8