iOS 7 Lock Screen Bug Leaves Certain Apps Vulnerable For Access
MojoKid writes "News of a proven security vulnerability involving Apple iOS 7 has started making the rounds. The exploit specifically involves the lockscreen, the most common piece of security that stops an unauthorized individual from gaining access to anything important on your phone. The 'hack,' if you want to call it that, is simple: Swipe up on the lock screen to enter the control center, and then open the alarm clock. From there, hold the phone's sleep button to bring up a prompt that will ask you if you wish to shut down, but instead of doing that, hit the cancel option, and then tap the home button to access the phone's multi-tasking screen. With access to this multi-tasking screen, anyone could try opening up what you've already had open on your phone. If you had Twitter open, for example, this person might be able to pick up where you left off and post on your behalf. Or, they could access the camera — and of course, every single photo stored on the phone."
The new iPhone models were released today; iFixit has a teardown of the iPhone 5s, giving it a repairability score of 6/10.
In loving memory of apk.
this is the least of your worries.
Windows login gif.
http://i.imgur.com/fqjnK.gif
I'm using iOS 7.0 (11A465) on an iPhone 4S.
I've tried to do the hack for half an hour and the phone will never bypass the lock.
There was also a rumor about taking a picture then sharing it thus accessing your contacts, but then again that is not true. The phone will not allow you to share or send a picture until its lock has been removed.
People are getting this truly out of proportion, why do they care so much about the locking ability of a phone?
If I was a thief and I really wanted your data/phone, I would just start breaking your fingers until you gave it all.
If you are truly the paranoid kind, why do you keep a smartphone in the first place?
I just tried this on my phone and yes you could see the multitask but you couldn't do anything except go back to the alarm clock or lock screen as far as I could tell.
Guess he should have doubled up instead!
I can't replicate it either. The YouTube video claims I double-tap the home button but the second tap is slightly longer? By the end of the first tap it's already bringing me back to the lock screen, i.e. by the time I'm pressing down for the second tap, I'm already being taken back to the lock screen. iPhone 5, updated last night to 7.0 (11A465).
From iFixit's teardown:
We are currently involved in heavy lobbying to our product designers to create 14k gold replacement screws. They'll be $50 each and strip the first time you try to unscrew them, so they will be perfect for the iPhone. Stay posted.
Ha ha ha.
No kidding!!! What do you say at this point?
see subject
No joy.
So...It has come to this
Not quite the same, but this sounds somewhat like the old iPad smart-cover bypass trick from a couple years ago.
http://www.theguardian.com/technology/blog/2011/oct/26/ipad-lock-bypass-ios5-cover
As soon as I did the iOS7 update, I noticed that you could access the camera from the lock screen, and I didn't want someone taking inappropriate pictures on my iPad if they stole it. There is an option in the settings which controls what features are available from the lock screen. If you turn off the Control Panel access from the lock screen, and everything else, this goes away.
So, it's annoying but not fatal as a security issue. I can't imagine anyone wanting to have the device open for the camera when it is locked. I do wish the options were flexible enough that one could still adjust audio settings with it locked.
It's supposed to be fixed in 7.01 which should be available today.
Or so I've read from various sources.
nothing except the following leaked:
1. The home screen and its icons
2. The app history
Nothing about the content of the app is available on the multitask screens, not even the titles.
" If you had Twitter open, for example, this person might be able to pick up where you left off and post on your behalf. Or, they could access the camera — and of course, every single photo stored on the phone." -- Speculations, and speculations, and more speculations, but definitely not true!
Security issue? Yes. Serious? So so. Disastrous? Not.
I can't reproduce this. Is it possible it's specific just to the iPhone 5/s/c?
I spent most of yesterday evening tinkering with iOS 7 on my iPad. I've got to say, much of it feels like amateur hour, like a bunch of students got together to create a redesign of iOS. I can't tell if they put an inexperienced team on the job, if managers with no proper UX experience were meddling, or they outsourced the bulk of the work. But as a creative director I would have rejected much of what I was seeing and I can't imagine that Steve Jobs would have approved this release.
Apple, a company supposedly reputed for being a stickler about the details, sure overlooked a lot of things here. So that there's a vulnerability isn't really shocking at this point.
Couple quick things. Firstly, that feature was already there, odds are you had disabled it before and that setting was reset with the update. Also, you can't access any existing photos from there, it'll only let you browse the photos you've taken since opening the camera, and resets each time you lock the screen again. There are similar features on other phones, it's handy and not by itself a security risk. As for not imagining anyone wanting to have the device open for the camera when it's locked, I think you lack imagination, and possibly even basic sense. I take advantage of it most frequently when I'm traveling and wish to quickly snap a photo without having to type in my password, it often makes the difference between a photo of an animal grazing and one of their behind as they run into the woods.
It's worth noting that this feature doesn't seem related in the least to the security flaw discussed here, as the camera is meant to be quickly accessible in this way. This means the suggestion of turning off control panel access won't fix the security flaw, if that's what you had in mind.
Honestly!
I had many iPhones before and I always liked their way of simplicity and intuitive ease of use. Sadly with the new iOS 7 and the horrible prices of the new models of phones a border has been crossed. I sat down the past few days and thought about alternatives. One alternative was to switch to a normal phone without any bells and whistles (like the Nokia 100 for a few bucks) or maybe giving Android a chance.
I still had very bad experiences with Android 2.2/2.3 on a Yarvik Tab 410 therefore I was quite curious whether I should ever give an Android phone another try or not. Then I started to watch some reviews of Samsung S4, HTC and that Google Phone (Nexus) I believe. I also looked at some Cyanogen reviews... ... the conclusion was "Wow".
Yes a simple WOW and END. After all the years I only cared for Apple iPhones and Apple Apps and always had the bad experience with Android 2.2/2.3 in my mind and now - with all the reviews that I saw I ended up speechless. Still I can't value the usability of the new Android versions over the usability till iOS 6 but from its looks the new versions really gained momentum.
I really don't know what's inside the head of Apple increasing prices with every phone. Pulling the old iPhone 5 in a plastic Cage and selling it as some brand new. I also don't get what drove them nuts with the new horrible Design *cough* that is called iOS 7 with all these crappy icons. Whoever is responsible for this horrible experience should be thrown out of Apple instantly. To say: I won't switch to iOS 7 until something happens. Till then I still keep iOS 6.
What also pisses me off right now is all these "app style switches" from all these one man companies. Without even taking care of their existing customers they rush out half-baked "conversions" of the new iOS 7 styles rendering its usability totally useless for all those people who still plan and enjoy iOS 6. These one man companies even don't announce any changes. They silently provide updates. I already have some beef with some of these developers because I paid money for the apps and somehow being forced by Apple to update - to avoid getting the red button showing me the left updates.
There were no clear rules set up by Apple how developers should deal with the new and old design of apps. Some companies and 3rd party developers at least made their app depend on iOS 7 - which somehow is a good as well as bad thing. Some other companies simply applied a new app to the app store so people using iOS 6 can still enjoy the other version of the app (still maintained), whether the new ones with iOS 7 switch to the new design.
I am quite upset and pissed off to deal with "maintaining" my phone all the time rather than using it. Honestly I also feel sorry for all those folks following Apple like a religion by standing in line for the new phone for quite a few hours only to be "first". I wonder whether these people actually do this because they "want" it (addiction), or because Apple is some sort of religion.
Valuing my money and having kids, I also need to look over the border and started to realize, that there is much more happening by competition to a more suitable price.
That's what I had to get rid. Thanks for reading.
Btw: I am no native English speaker, so please pardon!
I can't replicate this when a passcode is enabled. And if a passcode is not enabled, why go through all those steps to get to the multitask screen when all you need to do is slide from left to right?
Then don't buy an iPhone, that's the beauty of a free market: don't buy what you don't want. I look at Android and go WOW too, wow as in terms of crapastically cheap looking and god awful UI, which is why I won't buy an android or another for my wife.
If settings is one of the apps the user had open, you can pretty much own the phone.
You can also plug the hole by disabling the ability to open the control center from the lock screen.
Cemaco
This is strange that they couldn't find the M7. Either it is incorporated into the A7 or they missed it somehow. Given the functionality of the M7, it might be very small compared to the A7. There appears to be some metal shielding next to the A7. It could be under there. Also the chip next to the Qualcomm WTR1605L isn't identified.
Well, there's spam egg sausage and spam, that's not got much spam in it.
I've gotten this to work consistently and the key vulnerability here is through the camera. When you bring up the multitasking screen, most apps aren't accessible, but you can access the camera. Unlike the normal lock-screen camera access where you can shoot pictures but not see any photo history other than the shots you took during the current session, by accessing through this hack you can see the entire photo history. Also, you can access the "share" options for camera photos which means you can send emails from the phone, post to Twitter, Facebook, etc.
Turn off the control center from the lock screen. It's not bad practice anyway.
I am almost positive that this "bug" is simply people's auto lock timeout setting being too long. I just confirmed that if you set your passcode to be required immediately that this hack will not work. However, if you set it to something like 2 minutes, as long as you're within the 2 minutes, you can get this to work.
Anyone else experience that?
Like in the video, you must first type in the passcode. This unlocks the passcode feature.
After that, the phone is not locked until auto lockout.. minimum of one minute.
http://www.zdnet.com/hackers-crowdfund-bounty-to-hack-iphone-5s-fingerprint-scanner-on-istouchidhackedyet-com-7000020879
File under 'M' for 'Manic ranting'
http://www.zdnet.com/hackers-crowdfund-bounty-to-hack-iphone-5s-fingerprint-scanner-on-istouchidhackedyet-com-7000020879
I will pay the first person who successfully lifts a print off the iPhone 5s screen, reproduces it and unlocks the phone in < 5 tries $100.
Why would a lockscreen bug have anything to do with this fingerprint scanner bounty?
Just tried it on my iPhone 4 several times. It never went past the locked screens. I even watched the video to be sure I was doing it right.
Looks like Apple had copied said 'god awful gui'. It's called iOS 7 now.
One of my friends raised an interesting question:
How can we be sure that the fingerprints stored on the device aren't being retrieved by various intelligence agencies?
Swipe up on the lock screen to enter the control center, and then open the alarm clock
Isn't granting access to unauthorized users to the control centre enough of a security hole? Opening the alarm clock? WTF?
This reminds me of OS X, which leaves media keys enabled when the screen is locked - effectively giving access to any audio you may have queued to bystanders.
Lockscreens should just validate password, nothing else.