PDA

View Full Version : Your pictures are not secure on iOS 7


DarkViper338
Jun 13, 2013, 07:08 PM
If you use a passcode on your iPhone (and you should), see if this works:

- Lock your phone
- Hit your home button to wake it up
- Instead of swiping to enter your passcode, open the new Control Center (up from the bottom)
- Open the Calculator
- Open the Control Center AGAIN
- Open the Camera
- Hit the photo in the left corner

See if you can see all the photos on the phone. I can.

I've also made it to the home screen from here once or twice without a passcode, but can't reproduce that right now. Maybe if other people try it.

FlatlinerG
Jun 13, 2013, 07:09 PM
Can confirm that this is happening for me as well.

C DM
Jun 13, 2013, 07:14 PM
In all these cases, are you sure your passcode is activated when you try doing any of this? Basically, did you try unlocking first to see that you are actually prompted for a passcode, before going back to the lock screen and trying it all?

What I've personally noticed is that the passcode prompt for me sometimes simply doesn't get activated. Let's say if I have it say to prompt after 5 minutes, and 5 minutes pass (or sometimes even 10 or 15) and I try to unlock my phone, I can sometimes do it without being prompted for my passcode. Perhaps that might be the underlying issue.

chrf097
Jun 13, 2013, 07:15 PM
It's due to the way Control Center handles quick launching the programs.

Control Center treats the Lock Screen as the home screen or another app, which is why you can do that.

Of course it's obviously a beta issue. Future betas will probably have Control Center function with the lock screen as the lock screen and block launching without inputing a passcode.

Unless of course you don't use a password, in which case you were already vulnerable. :P

----------

In all these cases, are you sure your passcode is activated when you try doing any of this? Basically, did you try unlocking first to see that you are actually prompted for a passcode, before going back to the lock screen and trying it all?

I can confirm it does even with the passcode active. See what I wrote above.

batting1000
Jun 13, 2013, 07:16 PM
It's a beta. Let's not worry so much.

FlatlinerG
Jun 13, 2013, 07:18 PM
In all these cases, are you sure your passcode is activated when you try doing any of this? Basically, did you try unlocking first to see that you are actually prompted for a passcode, before going back to the lock screen and trying it all?

What I've personally noticed is that the passcode prompt for me sometimes simply doesn't get activated. Let's say if I have it say to prompt after 5 minutes, and 5 minutes pass (or sometimes even 10 or 15) and I try to unlock my phone, I can sometimes do it without being prompted for my passcode. Perhaps that might be the underlying issue.

Yup, I even have an exchange account on my iPhone which requires a passcode. I haven't not used a passcode in ages.

PrometheusGeek
Jun 13, 2013, 07:22 PM
If you use a passcode on your iPhone (and you should), see if this works:

- Lock your phone
- Hit your home button to wake it up
- Instead of swiping to enter your passcode, open the new Control Center (up from the bottom)
- Open the Calculator
- Open the Control Center AGAIN
- Open the Camera
- Hit the photo in the left corner

See if you can see all the photos on the phone. I can.

I've also made it to the home screen from here once or twice without a passcode, but can't reproduce that right now. Maybe if other people try it.

Good find. But, this is a Beta, and if you're using it legally (as a registered Dev), then you've consented to an NDA. You shouldn't be posting this kind of finding on a public forum. It should be reported directly to Apple because that's the whole point of Betas.

TillysWily
Jun 13, 2013, 07:23 PM
I can confirm that this does happen with the pass code set. I swiped to make sure it asked for a passcode then went back and tried it and yes I can look at my pictures. I'm sure this will get fixed in future builds. I will be pissed though if they make u use your passcode to look at the control panel!!!!!

C DM
Jun 13, 2013, 07:25 PM
For the time being I ended up disabling Control Center on the lockscreen anyway so as not that much access to various phone functions are available on the phone (whether or not there are any bugs with passcode requirements).

hello12
Jun 13, 2013, 07:39 PM
It works!

*Deletes lewd pictures*



(kidding)

HeyKatie
Jun 13, 2013, 07:41 PM
Doesn't work for me, guess my 4S is pretty secure :)

chrf097
Jun 13, 2013, 07:41 PM
I can confirm that this does happen with the pass code set. I swiped to make sure it asked for a passcode then went back and tried it and yes I can look at my pictures. I'm sure this will get fixed in future builds. I will be pissed though if they make u use your passcode to look at the control panel!!!!!

They won't make it so you have to enter a password to, it'll probably just be handled where tapping one of the quick apps prompts the password, similar to how in iOS 5 and 6, when you quick launch the camera and then hit the home button it asks for your password.

BFG86
Jun 13, 2013, 07:58 PM
weird i didn't even know you could slide to the right instead of entering the passcode. just assumed you had to enter the passcode to see the lock screen. wish they could disable that

tymaster50
Jun 13, 2013, 08:03 PM
That's a lot of effort just to see some photos LMFAO

AlphaDeuce
Jun 13, 2013, 08:10 PM
Good find. Be a good beta tester and detect bugs, report it, confirm fixes in the next build, and be glad you helped out the iOS community.

C DM
Jun 13, 2013, 08:17 PM
weird i didn't even know you could slide to the right instead of entering the passcode. just assumed you had to enter the passcode to see the lock screen. wish they could disable thatDisable what exactly?

maxosx
Jun 13, 2013, 08:19 PM
Security is nothing but a fantasy.

M87
Jun 13, 2013, 08:20 PM
You can disable Control Center on the lock screen. Either way, this is a beta and hardly worth freaking out over.

Gutwrench
Jun 13, 2013, 08:36 PM
Thank you for posting this OP. Beta or not it should be out in the open for people to know about.

tymaster50
Jun 13, 2013, 08:44 PM
Thank you for posting this OP. Beta or not it should be out in the open for people to know about.

Be it as it may, it's not like it poses a huge security risk. To do this you would have to let someone use your phone, or get it stolen from you and I doubt their first thought would be to look through your photos lol. The new find my iPhone makes it useless anyway if it's stolen

adam044
Jun 13, 2013, 11:34 PM
Ha my passcode doesnt even work so thats the first problem

snerkler
Jun 14, 2013, 02:42 AM
It's only those pics on your camera role anyway, I can't access all my photos this way. I don't keep a lot in my camera roll as I organise them into specific folders.

WeegieMac
Jun 14, 2013, 02:52 AM
Good find. But, this is a Beta, and if you're using it legally (as a registered Dev), then you've consented to an NDA. You shouldn't be posting this kind of finding on a public forum. It should be reported directly to Apple because that's the whole point of Betas.

Really?

How long have you been a member here?

"This kind of finding" has been reported with every iOS beta since I've been here. The ability to update to a beta via "Check For Update" has been there since iOS 5, and knowing Apple I'm sure they're well aware. They've not plugged it for a reason, because they get as much real world user data from the nerds among us (me included) as well as legit developer reports.

No one has ever been dragged to court for breaking the holy NDA in all my years using and posting about iOS and OS X betas. No one on YouTube has has their iOS 7 videos pulled yet. Same as with previous betas.

I think you need to remove that stick from somewhere.

KeanosMagicHat
Jun 14, 2013, 02:55 AM
Don't know whether the OP was one of the first to spot it (props if you were), but this is now being reported as a known exploit.

Doesn't affect me as I wouldn't want others to have access to the control centre when my phone is locked so disabled it in the settings.

I can still get to the music controls with the old Double Tap method - so that's good enough for me.

Dominicanyor
Jun 14, 2013, 03:19 AM
I guess I have to wait until the update comes out so I could see what everyone here is talking about.