PDA

View Full Version : Security weakness


iambasil
Sep 21, 2013, 05:41 AM
Not sure if this has been posted before (couldn't find) or even if it's new on iOS 7 - but I found it a bit of a worry:

If I go to
Settings>Safari>Passwords & Autofill>Saved Passwords
it will show all the sites with passwords saved.

By clicking any of these, it will show all the passwords in full, un starred and unencrypted.

I'm not too happy with that! Surely they could require a password to enter that section or just not show the passwords at all? Or give us some sort of option for this not to be visible.

If somebody got into my phone (and lots of people don't like having a password to unlock) they would very easily be able to get every password I have!

I don't have fingerprint security Mr Cook - I'm on an iPhone 5.

I'm putting some feedback for Apple:
http://www.apple.com/feedback/iphone.html

Gav2k
Sep 21, 2013, 05:47 AM
It's been posted a few times. Put a decent passcode on your phone!!!

Techwing
Sep 21, 2013, 05:49 AM
If you are storing passwords, anyone with access to your phone can use them directly to access the resources protected by them. This being so, requiring a password to see what they are doesn't contribute much security, given that they can actually use the passwords without giving any other password.

iBueno
Sep 21, 2013, 05:50 AM
It's not limited to Apple devices; http://www.telegraph.co.uk/technology/internet-security/10228714/Google-Chrome-flaw-exposes-user-passwords.html.

iambasil
Sep 21, 2013, 05:52 AM
I can't believe how flawed that all is.

Schtumple
Sep 21, 2013, 05:59 AM
Not sure if this has been posted before (couldn't find) or even if it's new on iOS 7 - but I found it a bit of a worry:

If I go to
Settings>Safari>Passwords & Autofill>Saved Passwords
it will show all the sites with passwords saved.

By clicking any of these, it will show all the passwords in full, un starred and unencrypted.

I'm not too happy with that! Surely they could require a password to enter that section or just not show the passwords at all? Or give us some sort of option for this not to be visible.

If somebody got into my phone (and lots of people don't like having a password to unlock) they would very easily be able to get every password I have!

I don't have fingerprint security Mr Cook - I'm on an iPhone 5.

I'm putting some feedback for Apple:
http://www.apple.com/feedback/iphone.html

Ok, wow that's actually stupidly easy to get to. I'm surprised it's not locked out by an Apple ID password or something.