Second Lock Screen Bypass in iOS 6.1 Documented

[marc11]

Quote:

Originally Posted by NT1440

I can tell from the underlined that you don't actually understand software development. Hackers? Really?

Find me one OS on the planet that doesn't have a security hole somewhere in it. This is a game of patch a hole, find 2 others. Software is not a cut and dry field.

Never said I was a developer, never once, never tried to pretend to be. Okay, hackers, yes, someone that uses a subversive way to gain access to my device without my authority. They used a hack, back door, work around, does it REALLY MATTER what it's called?

You are avoiding the point, I know the game, that is not the point, the point is the Apple apologists that just say oh well, no big deal. No one ever said it was cut and dry, I didn't either, but two exploits inside a couple of weeks, one right after it has been patched is bad and needs to be fixed. That is all I said.

It has nothing to do with other OS having holes, does it, really? Does that make it better? Java has holes, it blows, does that somehow lesson the hole in iOS or make it any less concerning to iOS device users?

I will state my point again, in easy words for you to understand....This exploit and the recent exploit are concerning, Apple needs to step up and plug these holes as quickly as possible.

Period, end of my discussion with you.

[NT1440]

Quote:

Originally Posted by marc11

Never said I was a developer, never once, never tried to pretend to be. Okay, hackers, yes, someone that uses a subversive way to gain access to my device without my authority. They used a hack, back door, work around, does it REALLY MATTER what it's called?

You are avoiding the point, I know the game, that is not the point, the point is the Apple apologists that just say oh well, no big deal. No one ever said it was cut and dry, I didn't either, but two exploits inside a couple of weeks, one right after it has been patched is bad and needs to be fixed. That is all I said.

It has nothing to do with other OS having holes, does it, really? Does that make it better? Java has holes, it blows, does that somehow lesson the hole in iOS or make it any less concerning to iOS device users?

I will state my point again, in easy words for you to understand....This exploit and the recent exploit are concerning, Apple needs to step up and plug these holes as quickly as possible.

Period, end of my discussion with you.

Aw, you were just getting fun.

Timing of exploits? You really don't get the game...

The sky is falling! The sky is falling!

Good day sir.

[darkcurse]

It seems to me, this has been blown totally out of proportion. The hack itself is pretty fiddly and having read/write access to your device is a big deal sure, but less so if its because of physical access. In the time that some imaginary "attacker" has to try to break into the phone, one could just wipe it remotely via iCloud anyway.

I mean, if someone really wants to get into your phone and they actually have your phone, then there's pretty much no stopping them. And your average thief probably isn't interested in your personal data anyway (they would just wipe it to sell) in which case, again meh.

There is a fix for this though, don't use the simple pin code. Use a more complicated password.

[lunaoso]

Quote:

Originally Posted by anthony11

Not nearly as "rediculous" as writing about the "hard drive" in a device that has none.

Give me a little leeway. I was typing leftie while doing writing some stuff down.

[vmachiel]

Just keep the damn phone in your pocket

[pjny]

Just curious: how do these people find these exploits? It seems to be quite a combination of button presses to test out if you are looking for a flaw. Thanks.

[M-O]

Quote:

Originally Posted by Radio

Apple priorities - stop innovation from jailbreak community then fix security issues

? they have come out with two updates since the jailbreak and neither one of them have attempted to close the jailbreak exploit. so...

----------

Quote:

Originally Posted by pjny

Just curious: how do these people find these exploits? It seems to be quite a combination of button presses to test out if you are looking for a flaw. Thanks.

i can't do this when i try. but if someone really wants to get into your phone, they will keep at it. hopefully it will take them longer to do this than it does for me to realize my phone is gone & remote wipe it.

[Mactendo]

Quote:

Originally Posted by Radio

Apple priorities - stop innovation from jailbreak community then fix security issues

Jaibreakers priorities - whining about iOS then whining about Apple

[gatearray]

Quote:

Originally Posted by dweezle3

These guys really have way too much time on their hands...

ahh, to be 14 years old again without a job...

[Radio]

Quote:

Originally Posted by Mactendo

Jaibreakers priorities - whining about iOS then whining about Apple

Why I outta ..

[morespce54]

Quote:

Originally Posted by el-John-o

Not when there is a passcode on it. When there is a passcode, the phone won't mount as a 'camera' like it can unlocked, and apps like iExplorer cannot access the drive

I have to disagree. I can use my iPhone with a (simple) passcode and add/retrieve data with iExplorer whenever I want. I have to admit that I am using a Macbook that I previously used to sync my phone.

[Intell]

Quote:

Originally Posted by morespce54

I have to disagree. I can use my iPhone with a (simple) passcode and add/retrieve data with iExplorer whenever I want. I have to admit that I am using a Macbook that I previously used to sync my phone.

That's because your computer has been authenticated with your iPhone. Try that on a computer that has never been connected to your phone before and make sure the phone is locked so that the passcode is needed to get to the homescreen. You won't be able to see the pictures or browse its contents.

[el-John-o]

Quote:

Originally Posted by morespce54

I have to disagree. I can use my iPhone with a (simple) passcode and add/retrieve data with iExplorer whenever I want. I have to admit that I am using a Macbook that I previously used to sync my phone.

There's the key right there, you've synced it to iTunes. So if someone had physical access to both your computer and your iPhone, sure.. but at some point you'll decide that the only secure way to have a smartphone is to not have a smartphone!

If I steal your iPhone when I see it sitting on a table somewhere, take it home; if it has even a simple passcode on it, I won't be able to access it's files.

[Intell]

Quote:

Originally Posted by el-John-o

If I steal your iPhone when I see it sitting on a table somewhere, take it home; if it has even a simple passcode on it, I won't be able to access it's files.

Unless it's an A4 device or older. Then it's just a very simple matter of a SSH ramdisk. But that's for a whole other thread.

[el-John-o]

Quote:

Originally Posted by Intell

Unless it's an A4 device or older. Then it's just a very simple matter of a SSH ramdisk. But that's for a whole other thread.

Or I'm a skilled hacker with knowledge of exploits that aren't public, or I've installed malware on the device, or I've held you at gunpoint until you give me the passcode, etc.

Like I said. There's reasonably secure, and then there's shivering under your blanket because you've realized crap happens to everyone and there's nothing you can do about it! I'll take reasonable precautions to protect myself and what's important to me, but in the end, you'd go crazy trying to devise a way in which your data is absolutely full-proof.

[twigman08]

While I agree Apple needs to get these patched, it is very important, I also understand that this just isn't a one day job. Hell it isn't even a week job really!

While the exploits might had been found fast, lots of times it can be very hard for developers to track down these exploits, trying to find the CORRECT fix for them (Apple only using a band-aid fix will only make matter worse in the long run), repeating the exploit over and over, then finding any more obvious bugs this may had caused, testing those out, then digitally releasing the code and getting it out in the public can take a lot longer than it seems most people think. It makes it even worse or harder than this is an OS they are working on. It isn't just a simple App you made or even a game (which are also very hard to debug) where you can find it in a day or two and have a fix out very fast. This is a full fledged OS. They must make sure some other bugs or security flaws were created during this time. Also unlike a simple app or game you can't just create a band-aid fix. It must be a complete fix.

[yappco]

That was a reason for me to create Vault application (http://www.thevaultapp.com), thanks to it, all my media files are encrypted and even after getting access to my phone storage, they stay safe.