Lock Screen Bypass


TheKrs1
Sep 19, 2013, 03:26 PM
Engadget is reporting iOS 7 bug can get someone past the lock screen:

http://www.engadget.com/2013/09/19/ios-7-bug/


[Mods: please lock. It's a story now.]

gentlefury
Sep 19, 2013, 03:46 PM
Engadget is reporting iOS 7 bug can get someone past the lock screen:

http://www.engadget.com/2013/09/19/ios-7-bug/


[Mods: please lock. It's a story now.]

Seriously? This again? This is just like people claiming that going into the camera app and going into the gallery was an exploit to bypass locking. It wasn't. This is exactly the same. If you have your password lock set to immediately this doesn't work. As it shouldn't. If you have it set to anything other than immediately it will go into task switching from the lock screen apps...because YOUR PHONE ISN'T LOCKED!!!!

Folder-ception is, however, real.

C DM
Sep 19, 2013, 04:07 PM
Seriously? This again? This is just like people claiming that going into the camera app and going into the gallery was an exploit to bypass locking. It wasn't. This is exactly the same. If you have your password lock set to immediately this doesn't work. As it shouldn't. If you have it set to anything other than immediately it will go into task switching from the lock screen apps...because YOUR PHONE ISN'T LOCKED!!!!

Folder-ception is, however, real.

Doesn't seem like that's the case here actually.

matttye
Sep 19, 2013, 04:15 PM
Seriously? This again? This is just like people claiming that going into the camera app and going into the gallery was an exploit to bypass locking. It wasn't. This is exactly the same. If you have your password lock set to immediately this doesn't work. As it shouldn't. If you have it set to anything other than immediately it will go into task switching from the lock screen apps...because YOUR PHONE ISN'T LOCKED!!!!

Folder-ception is, however, real.

This works with immediate lock set. It's definitely an exploit.

I can reproduce this..

Altis
Sep 19, 2013, 04:17 PM
Watch the actual video linked on the front page.

The phone is password protected, and locked.

The access he gains is beyond just photos anyways.

It is a pretty serious bug, although how one stumbles across it is fascinating.

C DM
Sep 19, 2013, 04:20 PM
Watch the actual video linked on the front page.

The phone is password protected, and locked.

The access he gains is beyond just photos anyways.

It is a pretty serious bug, although how one stumbles across it is fascinating.

To be fair it's not exactly serious in the sense that you can simply not have access to Control Center from the lock screen and that takes care of it.

gentlefury
Sep 19, 2013, 04:26 PM
I did watch it, and you are wrong.

When passcode lock is set like this:
https://lh6.googleusercontent.com/-_XjCIHSdFEo/Ujtq0R3_c1I/AAAAAAAAFT8/-Z7CJ10rMOk/w760-h1348-no/IMAGE_8.png

it "works"
https://lh4.googleusercontent.com/-OBfuhvfSBA8/Ujtq1U2rGuI/AAAAAAAAFUE/2WtSCq5IL_g/w760-h1348-no/IMAGE_9.png

But, when it is set like this:
https://lh3.googleusercontent.com/-6w5Lv8IiUEk/UjtqzlgXmnI/AAAAAAAAFT0/gMdtubHRV-Y/w760-h1348-no/IMAGE_7.png

The app comes slamming down to the lock screen:
https://lh3.googleusercontent.com/-MdnrIsEcIZ4/Ujtq3j5X8iI/AAAAAAAAFUM/XmebWOLJIrw/w760-h1348-no/IMAGE_10.png

When you don't have it set to lock immediately...your phone just simply isn't locked immediately. So you can swipe the screen to bypass the lock too at that point. The whole holding the power button is just for show, so it looks like an authentic exploit. It's to see people react like this to nothing. Kinda like last year, when people were convinced that the camera app was an exploit past the lock screen!!! Same deal.

----------

This works with immediate lock set. It's definitely an exploit.

I can reproduce this..

No, it doesn't.

matttye
Sep 19, 2013, 04:29 PM
No, it doesn't.

Mine is set exactly like that and I was able to reproduce the bug.

Try again...

gentlefury
Sep 19, 2013, 04:31 PM
OK, so, have you actually tried accessing anything. I can actually get the multi-tasker to show up...but all the apps are locked. I can't see the screen shot...and I also can't access anything except camera...which is already accessible from the lock screen. So in reality the only access this gains someone, is seeing your apps.

matttye
Sep 19, 2013, 04:33 PM
OK, so, have you actually tried accessing anything. I can actually get the multi-tasker to show up...but all the apps are locked. I can't see the screen shot...and I also can't access anything except camera...which is already accessible from the lock screen. So in reality the only access this gains someone, is seeing your apps.

You need to access the camera before you perform the rest of the bug, so that it shows up in the multitasking tray. You may also need to open the photo gallery from the camera; not too sure about this bit.

Once I did this I was able to see all of my photos without unlocking the phone (by going into the camera in the multitasking tray and then hitting the photo gallery button in the bottom left corner).

tgi
Sep 19, 2013, 04:34 PM
OK, so, have you actually tried accessing anything. I can actually get the multi-tasker to show up...but all the apps are locked. I can't see the screen shot...and I also can't access anything except camera...which is already accessible from the lock screen. So in reality the only access this gains someone, is seeing your apps.

You can access not only the camera, but the camera roll as well. Which you can't access just by accessing the camera regularly from the lock screen.

gentlefury
Sep 19, 2013, 04:36 PM
You can access not only the camera, but the camera roll as well. Which you can't access just by accessing the camera regularly from the lock screen.

OK, this is correct. So this is a problem, because your super important photos are going to allow someone to steal your identity? Everything important is still secure. This will be patched in under a week no doubt anyway.

The only issue this poses for security, potentially is that it lets you send an email or text message without unlocking. So that's not cool.

matttye
Sep 19, 2013, 04:38 PM
OK, this is correct. So this is a problem, because your super important photos are going to allow someone to steal your identity? Everything important is still secure. This will be patched in under a week no doubt anyway.

I take photos of all sorts of things.. I don't want just anybody being able to see them.

How can you say it's not a problem? :eek:

Plus this is just the latest lockscreen bypass that has been found... how many more are there?

gentlefury
Sep 19, 2013, 04:41 PM
I take photos of all sorts of things.. I don't want just anybody being able to see them.

How can you say it's not a problem? :eek:

Plus this is just the latest lockscreen bypass that has been found... how many more are there?

I guess I don't consider my photos to be super important. But I also don't have any photos on there I wouldn't want anyone to see. I couldn't care less if someone saw my photos.

C DM
Sep 19, 2013, 04:43 PM
OK, this is correct. So this is a problem, because your super important photos are going to allow someone to steal your identity? Everything important is still secure. This will be patched in under a week no doubt anyway.

The only issue this poses for security, potentially is that it lets you send an email or text message without unlocking. So that's not cool.

It's still a problem. Maybe not a big one for some, maybe not even any kind of for others, but it doesn't make it any less of a problem as far as it not functioning correctly and getting through a security feature (even if partially).

matttye
Sep 19, 2013, 04:44 PM
I guess I don't consider my photos to be super important. But I also don't have any photos on there I wouldn't want anyone to see. I couldn't care less if someone saw my photos.

Whether you care about them or not, they're supposed to be secure and protected by a lock screen. Does it not make you wonder what else people might be able to access using other tricks?

I think bugs like this are very serious.

C DM
Sep 19, 2013, 04:45 PM
I guess I don't consider my photos to be super important. But I also don't have any photos on there I wouldn't want anyone to see. I couldn't care less if someone saw my photos.

That's fine. It still doesn't mean that it's not a problem or not a security concern on some level (given that it bypasses security).

You got it wrong in the beginning, it's been clarified now--no need to try to pull at random strands just to create some sort of supporting point to somehow indirectly justify your incorrect initial statement.

gentlefury
Sep 19, 2013, 04:46 PM
It's still a problem. Maybe not a big one for some, maybe not even any kind of for others, but it doesn't make it any less of a problem as far as it not functioning correctly and getting through a security feature (even if partially).

I agree. I do concede that this one is for real. I personally never let my phone out of my sight tho. I don't believe that any phone is actually secure.

My only real concern with iOS 7 is that airplane mode is on the front screen. I wonder if they implemented a way of bypassing that if you put your phone in lost mode...

I know that if you put it in lost mode it will become unusable...so unless you want to just look at it turned off you are going to have to eventually plug it in to something and that means you are going to have to activate it...and if it's lost, it ain't happening. I would like to know how they counter that.

matttye
Sep 19, 2013, 04:53 PM
I agree. I do concede that this one is for real. I personally never let my phone out of my sight tho. I don't believe that any phone is actually secure.

My only real concern with iOS 7 is that airplane mode is on the front screen. I wonder if they implemented a way of bypassing that if you put your phone in lost mode...

I know that if you put it in lost mode it will become unusable...so unless you want to just look at it turned off you are going to have to eventually plug it in to something and that means you are going to have to activate it...and if it's lost, it ain't happening. I would like to know how they counter that.

You can't access the notification centre or control centre in lost mode, which is good.

I tried using the same method to get into the multitasking bar whilst in lost mode, because I thought you could probably get into control centre that way, but it doesn't seem to work.

gentlefury
Sep 19, 2013, 04:54 PM
You can't access the notification centre or control centre in lost mode, which is good.

I tried using the same method to get into the multitasking bar whilst in lost mode, because I thought you could probably get into control centre that way, but it doesn't seem to work.

That's good to know. But what if someone enables airplane mode as soon as they pick up your phone. Now it can't be tracked until it gets on a network again. When you enable lost mode does it turn on Wifi? Kinda like guest mode on a Mac.

matttye
Sep 19, 2013, 04:59 PM
That's good to know. But what if someone enables airplane mode as soon as they pick up your phone. Now it can't be tracked until it gets on a network again. When you enable lost mode does it turn on Wifi? Kinda like guest mode on a Mac.

I guess you can turn off control centre in the lockscreen to stop that from happening, but it's a convenient feature for sure.

I'd like the ability to customise what appears in control centre, in both the lock screen and normally. I'd remove airplane mode from the lock screen one.

gentlefury
Sep 19, 2013, 05:01 PM
I guess you can turn off control centre in the lockscreen to stop that from happening, but it's a convenient feature for sure.

I'd like the ability to customise what appears in control centre, in both the lock screen and normally. I'd remove airplane mode from the lock screen one.

Removing airplane mode would be a much better option. I like control center and it would be nice to see in the next point release the ability to select what options show up there. Airplane mode doesn't belong anywhere outside your device IMHO. Even Siri can activate it now...so if you are chasing your phone thief he can conveniently disable it hands free!

They should add a Voice ID for Siri.

Siri: Sorry, I don't recognize your voice...STRANGER DANGER!!!! LOCK DOWN!

I actually wondered if the 5S will allow you to restrict Siri to only authorized finger scans. Seems logical.

matttye
Sep 19, 2013, 05:04 PM
Removing airplane mode would be a much better option. I like control center and it would be nice to see in the next point release the ability to select what options show up there. Airplane mode doesn't belong anywhere outside your device IMHO. Even Siri can activate it now...so if you are chasing your phone thief he can conveniently disable it hands free!

They should add a Voice ID for Siri.

Siri: Sorry, I don't recognize your voice...STRANGER DANGER!!!! LOCK DOWN!


Haha great idea! ..until you get a cold :p

I actually wondered if the 5S will allow you to restrict Siri to only authorized finger scans. Seems logical.

Only thing about that is Siri doesn't have to be activated with the home button. You can turn on the 'raise to speak' option or press a button on a bluetooth stereo/headset to activate Siri.

dejo
Sep 20, 2013, 12:53 AM
Mod Note: Discussion continues here: iOS 7 Lock Screen Vulnerability Gives Access to Photos, Email (http://www.macrumors.com/2013/09/19/ios-7-lock-screen-vulnerability-gives-access-to-photos-email/)