Slashdot Mirror

← Back to Stories (view on slashdot.org)

iOS 7 Lock Screen Bug Leaves Certain Apps Vulnerable For Access

Posted by Soulskill on from the at-least-it's-a-flat-bug dept.

MojoKid writes "News of a proven security vulnerability involving Apple iOS 7 has started making the rounds. The exploit specifically involves the lockscreen, the most common piece of security that stops an unauthorized individual from gaining access to anything important on your phone. The 'hack,' if you want to call it that, is simple: Swipe up on the lock screen to enter the control center, and then open the alarm clock. From there, hold the phone's sleep button to bring up a prompt that will ask you if you wish to shut down, but instead of doing that, hit the cancel option, and then tap the home button to access the phone's multi-tasking screen. With access to this multi-tasking screen, anyone could try opening up what you've already had open on your phone. If you had Twitter open, for example, this person might be able to pick up where you left off and post on your behalf. Or, they could access the camera — and of course, every single photo stored on the phone." The new iPhone models were released today; iFixit has a teardown of the iPhone 5s, giving it a repairability score of 6/10.

88 of 135 comments (clear)

  1. Protect your iPhone with a host file by Anonymous Coward · · Score: 1, Funny

    In loving memory of apk.

    1. Re:Protect your iPhone with a host file by K.+S.+Kyosuke · · Score: 1

      Bah. APK protection works much better on Android, not on iOS.

      --
      Ezekiel 23:20
    2. Re:Protect your iPhone with a host file by noh8rz10 · · Score: 1

      Not the host file, the HOSTS file!! $10,000 challenge!

  2. With the NSA storing your every move by Mister+Liberty · · Score: 3, Insightful

    this is the least of your worries.

    1. Re:With the NSA storing your every move by Sockatume · · Score: 4, Insightful

      You know, because that applies to every security story and adds no specific value to any of them, you just have to say it once and then stop.

      --
      No kidding!!! What do you say at this point?
    2. Re:With the NSA storing your every move by MightyYar · · Score: 3

      It is annoying. This overreach is even one of my pet causes, but this spam makes people who think it is dangerous look bad.

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
    3. Re:With the NSA storing your every move by Sockatume · · Score: 4, Insightful

      My chief complaint is that it's an either-or proposition which makes it seem like we should just disregard all other security failures just because we're operating under a single massive one.

      --
      No kidding!!! What do you say at this point?
    4. Re:With the NSA storing your every move by MightyYar · · Score: 1

      Yes, they can't really believe that - they are just trying to inject their pet cause everywhere... as if Slashdotters aren't aware already. It's like the Bush trolls from a few years back.

      --
      W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
  3. Reminds me of this Windows gif by mystikkman · · Score: 5, Funny

    Windows login gif.

    http://i.imgur.com/fqjnK.gif

    1. Re:Reminds me of this Windows gif by __aasehi2499 · · Score: 1

      I've never been to reddit, is that bad?

    2. Re:Reminds me of this Windows gif by Bogtha · · Score: 1

      That's a bit complicated isn't it? I know in a lot of versions, you could just hit escape and you'd be dumped onto the desktop.

      --
      Bogtha Bogtha Bogtha
    3. Re:Reminds me of this Windows gif by 93+Escort+Wagon · · Score: 1

      Turn in your geek card.

      No, it just means he's at least 25 years old.

      --
      #DeleteChrome
    4. Re:Reminds me of this Windows gif by mlts · · Score: 1

      I remember this hole on one major UNIX in the '90s (company is now gone), if you had access to its xdm login via local access or XDMCP. The username window will pop up a help box, with an option to redirect the output of a lpr command.

      So, a simple, "| xterm" typed in got you a root shell immediately.

      This was patched in the next minor rev, but it was a fairly gaping hole at the time.

    5. Re:Reminds me of this Windows gif by tlhIngan · · Score: 1

      The problem was the Windows 9x dialog was not for logging in, but for entering your network credentials so you can access network resources.

      Clicking cancel merely meant you couldn't access a network fileshare without rebooting and re-entering the credentials there.

      I think it took until XP before you could actually log into a fileserver using alternative credentials...

      Alas, the dialog was so poorly worded that many people thought you could use it to password protect your PC, but no. It just set your network credentials.

    6. Re:Reminds me of this Windows gif by cyberchondriac · · Score: 1

      Agreed.. . I was on Reddit once or twice.. does nothing for me.

      --

      Look back up at my post, now look back down, you're on the Internet. Now look back up. I'm a signature.
  4. Re:Could not replicate (as many others can't) by Bill_the_Engineer · · Score: 2

    Because those of us who value privacy would like our phones to remain locked until we unlock it ourselves. I'd hate to have my email accounts and photos read or copied simply because I misplaced my phone and someone else found it.

    --
    These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
  5. Re:Could not replicate (as many others can't) by Sockatume · · Score: 2

    No luck on the iPhone 4 either. I wonder if there's some configurational wrinkle that's missing.

    --
    No kidding!!! What do you say at this point?
  6. Can't replicate by jamie · · Score: 4, Informative

    I can't replicate it either. The YouTube video claims I double-tap the home button but the second tap is slightly longer? By the end of the first tap it's already bringing me back to the lock screen, i.e. by the time I'm pressing down for the second tap, I'm already being taken back to the lock screen. iPhone 5, updated last night to 7.0 (11A465).

    1. Re:Can't replicate by Anonymous Coward · · Score: 2, Informative

      you must be quite fast between cancel and double tap

    2. Re:Can't replicate by Anonymous Coward · · Score: 1

      Got It!,

      but on my iphone 5 I can do nothing with it. I can see what apps are open. I cannot see their content and I cannot open any of them, and if if I play around in there too long it goes back to the lock screen.

      I don't know if there is anything to see there.

    3. Re:Can't replicate by asylumx · · Score: 1

      Just tried this with a co-worker's iphone and yes, if the camera was running you can access all of their previous pictures. Couldn't get it to load their contacts, though.

    4. Re:Can't replicate by Like2Byte · · Score: 1

      I was able to replicate this with caveats.

      I was able to replicate this WITHOUT having the 'Passcode Lock' enabled.

      I was UNABLE to replicate this WITH 'Passcode Lock' enabled.

      I've now restarted an iPad Mini and am STILL UNABLE to replicate with the 'Passcode Lock' enabled.

      I'm not sure what the problem with this feature is. Sure, they've 'bypassed' the swipe to unlock screen; but, the user has specifically poked and prodded this iPad Mini in what, I assume, is an extremely unlikely situation. By itself I'm not so sure this is such a major problem. If it had gotten around the 'Passcode Lock' then yeah; but, it doesn't seem to.

    5. Re:Can't replicate by Like2Byte · · Score: 1

      KABOOM! I read some of the other posts. You DO have to double-tap the home button in really fast succession.

      So, scratch my previous post.

      I was able to replicate this WITHOUT having the 'Passcode Lock' enabled with a single home button tap.

      I was also ABLE to replicate this WITH 'Passcode Lock' enabled with a double-tap of the home button. However, I was unable to access any of the open applications from the multi-tasking screen.

    6. Re:Can't replicate by ageoffri · · Score: 2

      I was able to access contacts indirectly. Go into the gallery and share a picture and use messaging. At this point hit the + sign in the upper right. You are then in Contacts. You can view names and phone numbers. I wasn't able to figure out a way to edit contacts or get more details.

      --
      -- Slashdot, making the Left look conservative since 1997.
    7. Re:Can't replicate by asylumx · · Score: 1

      Yes, I was also able to replicate using the same technique. BTW My coworker knows I'm doing this, I'm not just hacking his phone without him knowing :)

    8. Re:Can't replicate by BVis · · Score: 1

      My (admittedly fairly unscientific) testing seems to indicate that if you have your passcode lock set to lock immediately, you can see what apps are running, but you cannot open any of them. If you set your passcode lock to lock after 5 minutes, you can access the applications... but you could just swipe from the "lock" screen to do the same thing.

      As far as I can tell, this "bug" is bullshit. The worst that happens is that someone sees what apps you were running, the screens are greyed out if you "exploit" this successfully.

      Try again, Apple haters.

      --
      Never underestimate the power of stupid people in large groups.
    9. Re:Can't replicate by Like2Byte · · Score: 1

      Ah, cool. Good to know! Thanks for the update. I hadn't considered the immediacy of the locking mechanism.

      As far as I can tell, this "bug" is bullshit. The worst that happens is that someone sees what apps you were running, the screens are greyed out if you "exploit" this successfully.

      Try again, Apple haters.

      Agreed! I thought about this while driving. Haters gotta hate. :P

  7. iFixit by Sockatume · · Score: 4, Funny

    From iFixit's teardown:

    We are currently involved in heavy lobbying to our product designers to create 14k gold replacement screws. They'll be $50 each and strip the first time you try to unscrew them, so they will be perfect for the iPhone. Stay posted.

    Ha ha ha.

    --
    No kidding!!! What do you say at this point?
    1. Re:iFixit by AmiMoJo · · Score: 1

      From the same teardown:

      Perhaps the "s" in 5s stands for "stuck," as in "this battery is stuck in with a lot of glue," or "I hope you didn't want to replace your batteryâ"you're going to be stuck with this one."

      They just couldn't resist, could they?

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  8. Re:Could not replicate (as many others can't) by thisisnotreal · · Score: 1

    It is disappointing, but true.
    Phone security will never be, and we should acknowledge it then.
    I guess...that's the thinking.
    Then the question is just how insecure are we okay with?

  9. Re:iOS vulnerability by Joce640k · · Score: 1

    Summary says you have to have applications open.

    --
    No sig today...
  10. This sounds vaguely familiar by Valgar · · Score: 1

    Not quite the same, but this sounds somewhat like the old iPad smart-cover bypass trick from a couple years ago.

    http://www.theguardian.com/technology/blog/2011/oct/26/ipad-lock-bypass-ios5-cover

  11. Easily avoided by Mendenhall · · Score: 1, Informative

    As soon as I did the iOS7 update, I noticed that you could access the camera from the lock screen, and I didn't want someone taking inappropriate pictures on my iPad if they stole it. There is an option in the settings which controls what features are available from the lock screen. If you turn off the Control Panel access from the lock screen, and everything else, this goes away.

    So, it's annoying but not fatal as a security issue. I can't imagine anyone wanting to have the device open for the camera when it is locked. I do wish the options were flexible enough that one could still adjust audio settings with it locked.

    1. Re:Easily avoided by Culture20 · · Score: 3, Interesting

      There are plenty of people who want an instant camera instead of fumbling with passcodes and opening the camera app for 30 seconds.

    2. Re:Easily avoided by joh · · Score: 4, Informative

      As soon as I did the iOS7 update, I noticed that you could access the camera from the lock screen, and I didn't want someone taking inappropriate pictures on my iPad if they stole it.

      You could access the camera from the lock screen from iOS 5 on.

    3. Re:Easily avoided by Sockatume · · Score: 1

      You could access the camera from the lock screen on the iPhones for a while, is this new to the iPad?

      --
      No kidding!!! What do you say at this point?
    4. Re:Easily avoided by parkinglot777 · · Score: 1

      As soon as I did the iOS7 update, I noticed that you could access the camera from the lock screen

      That feature has been included even before iOS7. I could already access the camera in my phone (4S) with only iOS5.x by turning the lock screen on and then swipe the camera icon upward to open the camera functionality. I could also access all pictures taken from this session of the camera as well. However, I cannot access any other pictures taken outside of the session. In other words, other pictures that are already in the photo gallery before turning the camera functionality on from the locked screen are inaccessible unless I unlock the phone. This is NOT a NEW feature.

    5. Re:Easily avoided by jellomizer · · Score: 1

      "I can't imagine anyone wanting to have the device open for the camera when it is locked."

      Well some people want to take pictures right away, before having to type in a password to get to it. Taking inappropriate pictures on your phone/ipad is easily deleted once the damage is done. This was on iOS 6 too.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    6. Re:Easily avoided by Somebody+Is+Using+My · · Score: 1

      You could access the camera from the lock screen on the iPhones for a while, is this new to the iPad?

      Yes, it is new to the iPad.

      The iPhones (and the forgotten stepchild of the line, the iTouch) had a camera button on the lock screen, but - on IOS6 and below - you did not have this feature on the Ipad.

      On the other hand, you did get the stunningly useless "picture frame" button on the iPad lock screen. You know, for those times the battery wasn't draining fast enough on its own. That's disappeared with iOS7

      The camera icon on the lock page is new to the iPad. I guess Apple didn't actually expect people to regularly use the iPad as a camera as it's a bit bulky for that purpose; still, I see folk doing it all the time so I suppose it's a needed addition.

      IOS7 has some very nice features (I particularly like the new multitasking system and the control center). I just wish they'd let people create their own themes so I wouldn't have to use those horrible new icons. Aside from the terrible color scheme, legibility and recognition are shot to hell with this update...

    7. Re:Easily avoided by ozbon · · Score: 1

      You could access camera from lock screen in iOS6 too - it's not a new feature.

      --
      I say we take off and nuke it from orbit. It's the only way to be sure...
    8. Re:Easily avoided by tlhIngan · · Score: 1

      I noticed that you could access the camera from the lock screen

      While it's elegantly done on iOS (swipe up to activate camera versus right when unlocking), on Android, this one feature (introduced in Jellybean 4.2) is probably implemented in the most asinine fashion.

      In 4.2, they turned the lock screen into another home screen with limited privileges, so they added pages to the left and right of the lock (left page(s) - user defined widgets, right page - camera). The problem is if you're using the swipe code and start the swipe on the sides, you can easily go "too far" to the left and right and end up changing the lock screen page instead of unlocking the phone. Most annoying. There are fixes to it (there's an app that disables widgets and camera auto-activation this way), but it's a huge PITA as 4.2 makes the unlocking area much smaller.

      Of all the iOS features Android could've taken, they take and implement poorly the camera on the lock screen

  12. Already fixed today by wimmi · · Score: 1

    It's supposed to be fixed in 7.01 which should be available today..
    Or so I've read from various sources.

    1. Re:Already fixed today by Sockatume · · Score: 1

      Apple have acknowledged the issue and that they intend to fix it, however 7.0.1 is a bug fix release for the 5C and 5S to make up for the fact that their builds are older. (They had to be finished in time to get the phones into boxes and shipped to stores.) I would be surprised if 7.0.1 did anything but bring those two handsets up to date, this bug included.

      --
      No kidding!!! What do you say at this point?
  13. Can't Reproduce by Sylak · · Score: 1

    I can't reproduce this. Is is possible it's specific just to the iPhone 5/s/c?

    1. Re:Can't Reproduce by mkraft · · Score: 1

      It took me a few tries, but I reproduced it on my iPhone 4S. Make sure to do exactly what the video does, including going into the camera before going into the Clock app.

  14. Re:iOS vulnerability by Sockatume · · Score: 1

    Ten seconds is the time limit given for an app to finish its business if it ceases to be in the foreground or the phone screen is locked. I don't think background services or the brief window in which a compatible app is restarted for Background App Refresh really count.

    --
    No kidding!!! What do you say at this point?
  15. Re:Could not replicate (as many others can't) by SROL · · Score: 1

    I was able to replicate it on the iPhone 4s.
    On my first try the programs showed up for half a second then it went back to the lock screen. The second try it worked just fine but when I tried to open the "desktop" (I'm new to the phone so I don't know the right word) it locked again.

  16. Unimpressed. by MaWeiTao · · Score: 1

    I spent most of yesterday evening tinkering with iOS 7 on my iPad. I've got to say, much of it feels like amateur hour, like a bunch of students got together to create a redesign of iOS. I can't tell if they put an inexperienced team on the job, if managers with no proper UX experienced were meddling, or they outsourced the bulk of the work. But as a creative director I would have rejected much of what I was seeing and I can't imagine that Steve Jobs would have approved this release.

    Apple, a company supposedly reputed for being a stickler about the details, sure overlooked a lot of things here. So that there's a vulnerability isn't really shocking at this point.

    1. Re:Unimpressed. by MoneyT · · Score: 1

      There are a number of UX issues with iOS 7 that I'm frankly quite surprised made it through testing or that anyone thought these were good ideas. Ignoring the theme itself (lower definition icons means less context, especially with hi res screens, that context would have been very usable it's the whole reason we do things like image previews for icons in modern OSes rather than generic jpg icons).

      1) The "partial shift" no longer has a distinct visible mode on the keyboard. iOS has 4 modes for the shift button. 1: The button is off, everything is lowercase, 2: The button is on, the next letter or symbol is uppercase / shift symbol (? vs /), 3: The button is locked on, all letters are uppercase, but symbols are not shifted, 4: The button is partially on, the next letter is uppercase, but symbols will not be shifted. Mode 4 is the mode the button goes into at the beginning of a line or after a period. It was also previously distinguished by a blue highlight around the shift arrow rather than the arrow being filled in. Now there is no visual distinction between modes 4 and 2.

      2) Minimalist button icons. For buttons that aren't text, the icons are very minimalist and without previous knowledge give little to no clue about what they do. For example the "share" button is now a simple box with an up arrow. The bookmarks icon in safari is a weird divided rectangle that if you squint just right you could argue looks like an open book.

      3) The ".com" button is now hidden behind the "." key for web address entry making is non-discoverable except by accident.

      4) Folders only display a 3x3 grid, even on iPads and do not remember your last position (nor does there appear to be an option for that).

      5) When you first open the OS, it tells you that spotlight has moved and to now simply swipe down from any home screen. That's good, it's great that the search functionality is available anywhere. What it doesn't tell you is that you don't swipe down from the top (which gives you notification center. You instead swipe from another place on the screen.

      6) The keyboard seems slower and less responsive. This may be just my iPad for some reason, but it appears that the keyboard sometimes hesitates on displaying and coming ready when displayed.

      7) Videos have a "make full screen" button, but no longer have a "leave full screen" button that doesn't stop the video from playing. The "Done" button remains, but this stops the video. The only way to leave full screen without stopping the video is to pinch the screen.

      None of these are show stoppers by any stretch of the imagination, but they are the sorts of "little things" that apple (and steve jobs in particular) are noted for fussing over. For making sure that those little experiences add up to be a better experience than the sum of their parts.

      --
      T Money
      World Domination with a plastic spoon since 1984
    2. Re:Unimpressed. by MoneyT · · Score: 1

      There is an option to set the font to bold, which does dramatically improve the thin fonts (though some of the larger text, like the lock screen clock looks odd), it's under the accessibility settings. There's also an increase contrast option (which is distinct from the invert colors option) though I haven't found where that takes effect.

      --
      T Money
      World Domination with a plastic spoon since 1984
  17. Different thing altogether... by Thruen · · Score: 3, Informative

    Couple quick things. Firstly, that feature was already there, odds are you had disabled it before and that setting was reset with the update. Also, you can't access any existing photos from there, it'll only let you browse the photos you've taken since opening the camera, and resets each time you lock the screen again. There are similar features on other phones, it's handy and not by itself a security risk. As for not imagining anyone wanting to have the device open for the camera when it's locked, I think you lack imagination, and possibly even basic sense. I take advantage of it most frequently when I'm traveling and wish to quickly snap a photo without having to type in my password, it often makes the difference between a photo of an animal grazing and one of their behind as they run into the woods.

    It's worth noting that this feature doesn't seem related in the least to the security flaw discussed here, as the camera is meant to be quickly accessible in this way. This means the suggestion of turning off control panel access won't fix the security flaw, if that's what you had in mind.

    1. Re:Different thing altogether... by Mendenhall · · Score: 1

      I know they are different things, but it was the camera access that got my attention. Disabling Control Panel access, I think, as I mentioned in the original post, avoids the issue. As far as I can tell, there is no way to get to anything on my iPad without unlocking.

      The ad hominem about my lacking imagination and/or sense was not needed or polite.

    2. Re:Different thing altogether... by Thruen · · Score: 1

      I'm not sure if I misunderstood you then or now, but if you understand the article is about something entirely different than the feature you describe then I'm not sure why you bothered to mention it, as it has nothing to do with the article. I'm not shocked you weren't able to reproduce the issue on your iPad, as it seems to be a problem specifically with the iPhone 5S, as described in the article, and there are reports around the web of being unable to reproduce it on other devices.

      Also, it's amusing that you mention my ad hominem as unnecessary, when it was in response to your own, and you responded to it with another. Maybe you should run your own blog with comments disabled if you want to be able to post your opinion on the internet and have nobody respond to it. If you find a tame comment like that offensive, public forums are no the place for you.

    3. Re:Different thing altogether... by narcc · · Score: 1

      Why is this so damn difficult for people to understand?

      Both of you, stop it!

      --
      Required reading for internet skeptics
    4. Re:Different thing altogether... by R3d+M3rcury · · Score: 1

      I take advantage of it most frequently when I'm traveling and wish to quickly snap a photo without having to type in my password [...]

      But imagine if I didn't have to enter a password. Imagine if I had some sort of biometric type of system, like a fingerprint reader or facial recognition or something, that would let me unlock my phone without having to enter a password.

      Nah. That's crazy talk...

  18. No M7 processor? by UnknowingFool · · Score: 1

    This is strange that they couldn't find the M7. Either it is incorporated into the A7 or they missed it somehow. Given the functionality of the M7, it might very small compared to the A7. There appears to be some metal shielding next to the A7. It could be under there. Also the chip next to the Qualcomm WTR1605L isn't identified.

    --
    Well, there's spam egg sausage and spam, that's not got much spam in it.
    1. Re:No M7 processor? by tlhIngan · · Score: 1

      This is strange that they couldn't find the M7. Either it is incorporated into the A7 or they missed it somehow. Given the functionality of the M7, it might very small compared to the A7. There appears to be some metal shielding next to the A7. It could be under there. Also the chip next to the Qualcomm WTR1605L isn't identified.

      Not really. It's probably part of the silicon that the A7 uses - modern ARM SoCs are full of processors besides the main ARM core - often many auxiliary processors exist. The M7 is probably just another block on the silicon.

      In fact, it's not entirely surprising if you find a small ARM core is the only thing that boots when you apply power - the main big beefy cores are kept in reset and power down states. The little ARM core (ARM11 in some cases or a Cortex-M ARM microcontroller in other cases) boots up and is responsible for initializing the system and loading the next block of code up and preparing the main cores to boot it.

      Heck, one SoC I worked on had 8 cores (for big.LITTLE), a Cortex-M core to boot and manage power, and a Cortex-R core for modem functionality.

      It won't be out of place for Apple to put it on the came silicon. It would just be another programmable processor in a sea of them that makes up a modern SoC.

    2. Re:No M7 processor? by UnknowingFool · · Score: 1

      From what I know about the A7, it is slightly larger than the A6 (die size). I didn't know whether they could fit it in the amount of space if it incorporated a M7 as well as the other changes. Yes, the A7 is on a 28nm instead of 32nm but I didn't think it would be enough.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
    3. Re:No M7 processor? by UnknowingFool · · Score: 1

      This conflicting report says that the M7 is from NXP and separate from the A7.

      --
      Well, there's spam egg sausage and spam, that's not got much spam in it.
  19. Re:Could not replicate (as many others can't) by Anonymous Coward · · Score: 1

    iOS 7 on iPhone 5:

    Swipe up, clock app, sleep button, cancel out of the power off dialog, hit the home button twice. Yes, one can swipe and see what apps were once run, but it will ignore any taps on other apps, and if one taps on the Springboard icon, it will drop back to the lock screen.

    Yes, this is a bug, and hopefully 7.0.1 will fix it, but it doesn't allow anyone off the street to get to your contacts and such.

  20. Comment removed by account_deleted · · Score: 3, Interesting

    Comment removed based on user account deletion

  21. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  22. Re:Could not replicate (as many others can't) by thoromyr · · Score: 1

    There is a bug, but it is not what most would consider a lock screen bypass. iOS7 has a new task switcher and you can access this, but it has reduced privileges meaning you can't access any app that you couldn't from the lock screen. And even then it isn't reliable (very likely due to it being the result of a bug).

    What it *does* do is leak information about what is installed on the phone, and badges for installed apps (e.g., number of unread emails). But only if those applications are running. Doing a fresh upgrade from 6 to 7 somehow resulted in every application being listed by the task switcher -- its as if they were all started by iOS. You can remove the apps from the task switcher (killing inactive applications).

    So, yes, there is a bug. No, it isn't a lock screen bypass. Other than some information leakage ("active" apps) there is no access that did not occur from the lock screen itself.

  23. Re:Could not replicate (as many others can't) by thoromyr · · Score: 1

    Exploring this further, it appears that someone doing this casually may think they have a lock screen bypass because they go through the steps and get full access to any application. The key here is the behavior of locking the phone: is the passcode immediately required or not? If testing this you have to either set that to immediately or wait long enough to ensure it isn't still just "swipe to unlock".

    On another note, some combination of factors resulted in no access to the quick swipe apps. Could still swipe to get the camera from its separate point

  24. Re:Could not replicate (as many others can't) by 93+Escort+Wagon · · Score: 2

    Works for me on a regular 4. You cannot launch new apps but previoulsy opened apps that are running are accessible.

    When I tried it (on an iPhone 5), it does seem - as in the demo video - the apps have to have been opened very recently.

    This seems to be related to how iOS 7 handles multitasking. I wonder if disabling background updating of apps would fix it? Later yesterday (after I played around trying to replicate this bug) I disabled background updating, mainly to try to address the poor battery life suckage iOS 7 seems to have introduced on my phone...

    --
    #DeleteChrome
  25. Will the discoverers get the 10k bounty? by mark-t · · Score: 1

    http://www.zdnet.com/hackers-crowdfund-bounty-to-hack-iphone-5s-fingerprint-scanner-on-istouchidhackedyet-com-7000020879

    --
    File under 'M' for 'Manic ranting'
  26. Re:Could not replicate (as many others can't) by rsborg · · Score: 1

    I also cannot replicate the problem with iOS 7.0 (11A465) on my iPhone 3GS.

    If you don't mind me asking - how'd you get that installed - isn't iOS7 not supposed to be compatible for 3GS.

    --
    Make sure everyone's vote counts: Verified Voting
  27. Why would they? by InvisiBill · · Score: 1

    http://www.zdnet.com/hackers-crowdfund-bounty-to-hack-iphone-5s-fingerprint-scanner-on-istouchidhackedyet-com-7000020879

    I will pay the first person who successfully lifts a print off the iPhone 5s screen, reproduces it and unlocks the phone in < 5 tries $100.

    Why would a lockscreen bug have anything to do with this fingerprint scanner bounty?

    1. Re:Why would they? by mark-t · · Score: 1

      Doesn't this exploit bypass the fingerprint lockscreen?

      --
      File under 'M' for 'Manic ranting'
  28. Re:Could not replicate (as many others can't) by denmarkw00t · · Score: 3, Informative

    I tried a good 10 times on my 4 before I got it to work - it's not mentioned and an easy bit to miss in the video: as soon as you tap close you have to do the double-tap on the home button and hold the second tap a little longer than a second maybe. The key though is to do this AS SOON as you hit "Cancel." How this person ever came across the flaw is beyond me, but good poking. Someone should hire her for a QA team.

  29. Re: Could not replicate (as many others can't) by DigiShaman · · Score: 1

    Settings --> General --> Accessibility --> Reduce Motion -- turn on

    The novalty wears off the first day or so, that and I don't like my wallpaper stretched causing them to blur (pixels no longer 1:1 ratio).

    --
    Life is not for the lazy.
  30. Nope... by superdave80 · · Score: 1

    Just tried it on my iPhone 4 several times. It never went past the locked screens. I even watched the video to be sure I was doing it right.

    1. Re:Nope... by superdave80 · · Score: 2

      Success! The timing of holding the home button seems to be very critical. I start double-clicking right as soon as I hit the CANCEL button, and hold the 2nd click for about three seconds before releasing. Even after my successful try, I still have trouble doing it consistently.

      On a side note, nearly every app was still locked to me. I was able to get the camera and pics open, but that was it.

  31. Re: Could not replicate (as many others can't) by 93+Escort+Wagon · · Score: 1

    Yeah, I went looking that setting pretty quickly because you're absolutely right - it went from "interesting" to "meh" to "how the heck do I disable that?" over the course of a couple hours.

    It perhaps works better with their own wallpapers, but I use my own photos and it got annoying pretty quick.

    --
    #DeleteChrome
  32. Re:Yes, it invoked the multitasking screen but... by mlts · · Score: 1

    Ideally, any banking app should have the option to set a PIN code or a password, and after 5-10 wrong guesses, either start adding an exponential delay, purge itself (if there is no critical data just stored with the app) or demand the banking username and password. That way, one's data is protected unless the phone gets compromised when the app is inuse.

    There is also an API for storing data in a protected subdirectory as well, so when the device is locked, the stored files are inaccessible. That way, if the app gets switched to, no data will be usable.

  33. Re:Could not replicate (as many others can't) by ArcadeMan · · Score: 1

    Woosh.

    --
    Get free satoshi (Bitcoin) and Dogecoins
  34. Fingerprints by phorm · · Score: 1

    One of my friends raised an interesting question:

    How can we be sure that the fingerprints stored on the device aren't being retrieved by various intelligence agencies?

    1. Re:Fingerprints by LordLimecat · · Score: 1

      Because theyd be awful low-rez fingerprints?

    2. Re:Fingerprints by BasilBrush · · Score: 1

      If you want to go full on paranoid, that everything you are told might be a lie, they might be. But why ask the question here. We might be lying.

      If however you're interested in the technology, an image of the fingerprint isn't stored anywhere. The fingerprint scanner creates a hash, and that is stored in a dedicated secure area in the CPU, salted with a UID from the phone. It's not possible to recreate an actual print from the hash, even if the hash were accessible from software, which it's not.

      There's certainly not an image file of your finger print stored on your phone that spyware could upload.

      If you're interesting enough for intelligence agencies to want your fingerprint, they'll come and get one off a glass or door handle you've just touched.

    3. Re:Fingerprints by phorm · · Score: 1

      I can see how you can store a hash of a strict item, but wouldn't a fingerprint have enough "fuzzy" difference between inputs in it that making a hash wouldn't work?

    4. Re:Fingerprints by BasilBrush · · Score: 1

      Obviously Apple aren't giving full information about how it works. But the hashing part has been mentioned in several places.

      This is the best source of information I found. It includes both what Apple have revealed, together with some informed speculation.

      http://www.techhive.com/article/2048514/the-iphone-5s-fingerprint-reader-what-you-need-to-know.html

      Actually the most interesting part is that the scanner takes a capacitative rather than optical image. Which explains why the lens isn't transparent (to visible light) and why it's not going to be fooled by photos and photocopies of fingerprints.

      It also means that even if someone did get access to the image (which seems impossible), it wouldn't match up with optical fingerprints they might have from elsewhere.

    5. Re:Fingerprints by phorm · · Score: 1

      Thanks for the link, it's rather informative.
      I wonder if this reader will be susceptible to dry-finger issues common to touchscreens? Generally an uncovered screen is better, but with a protective film (likely not needed on the fingerprinter reader) dry fingers tend to work poorly. On really dry days, even the straight screen can be a little dicey.

  35. Too much access by hobarrera · · Score: 1

    Swipe up on the lock screen to enter the control center, and then open the alarm clock

    Isn't granting access to unauthorized users to the control centre enough of a security hole? Opening the alarm clock? WTF?
    This reminds me of OS X, which leaves media keys enabled when the screen is locked - effectively giving access to any audio you may have queued to bystanders.

    Lockscreens should just validate password, nothing else.

  36. Re:Could not replicate (as many others can't) by cellocgw · · Score: 1

    OK so that was a lame joke, but what morons tagged it "flamebait"? "boring" I could understand.

    --
    https://app.box.com/WitthoftResume Code: https://github.com/cellocgw
  37. Re:Yes, it invoked the multitasking screen but... by dadman · · Score: 1

    "the new multitask browser provides an unprotected preview of my last banking session." -- was this really what you've seen on the iOS 7.0? Mine one didn't show anything...

  38. Re:Yes, it invoked the multitasking screen but... by dadman · · Score: 1

    Apparently, I could not see anything in the camera roll either, on the iOS 7.0. Are you really sure that this is the case as you have described??

  39. Re:Yes, it invoked the multitasking screen but... by dadman · · Score: 1

    Prove it to everyone that this is a troll.

  40. Word Processor and Reader for Microsoft Office. by mustafawi · · Score: 1

    Word Processor and Reader for Microsoft Office. By Irfan Farooqi IPhone and IPad Lightweight office work on the go Backup of documents Quick access to Documents, Spread sheets, Presentations, notes and memos word processing Pocket Spreadsheet Pocket Presentation Download : https://itunes.apple.com/us/app/documents-word-processor-reader/id642314248?mt=8