Go Back   MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Sep 19, 2013, 04:29 PM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
iOS 7 Lock Screen Vulnerability Gives Access to Photos, Email




There appears to be a lock screen vulnerability in iOS 7 that allows access to a device's photos, email, and social networking accounts. According to Jose Rodriguez, who provided a video of the bug to Forbes, a simple set of gestures gives unwarranted access to a device running iOS 7.

The exploit can be initiated by swiping upwards on the device's lock screen to access the Control Center and open the Clock app. Once the clock app is open, holding the phone's sleep button will cause the "Slide to Power Off" option to appear. Tapping on cancel at this juncture and then double clicking on the home button will open the phone's multitasking screen, providing access to the camera and the photos on the device. The key to the trick, however, is to access the camera app from the lock screen first, causing it to appear in the recently used apps list.

Because the photos from the camera app can be shared via Flickr, Twitter, Facebook, and email, an intruder can also gain access to those apps using the sharing tools.

Quote:
I tested the technique on an iPhone 5 running iOS 7, and it worked. Rodriguez's video shows it working on an iPad, too. It's not yet clear if the same exploit can bypass the lockscreen of an iPhone 5s or 5c, but Rodriguez tells me he believes it will. I've reached out to Apple for comment and I'll update this post if I hear from the company.
Apple has been plagued by lock screen vulnerabilities multiple times over the course of the year, with a bug appearing in iOS 6.1 that allowed lock screen access to the phone when the emergency call function was manipulated.

The current iOS 7 vulnerability can be avoided by preventing the Control Center from appearing on the lock screen. The setting can be turned on by opening the Settings app, selecting "Access on Lock Screen" and toggling it off.

Update: Apple has told AllThingsD that it is working on a fix.
Quote:
"Apple takes user security very seriously," Apple spokeswoman Trudy Muller told AllThingsD. "We are aware of this issue, and will deliver a fix in a future software update."
Article Link: iOS 7 Lock Screen Vulnerability Gives Access to Photos, Email
MacRumors is offline   0 Reply With Quote
Old Sep 19, 2013, 04:32 PM   #2
stephen1108
macrumors 6502a
 
Join Date: Sep 2007
Location: Ft. Lauderdale, FL
I've always wondered how people stumble upon these vulnerabilities, then turn around and are even able to recreate them.
stephen1108 is offline   31 Reply With Quote
Old Sep 19, 2013, 04:32 PM   #3
chekk
macrumors newbie
 
Join Date: Jun 2011
Working here on my 4S

Unsettling to be able to see all my photos and contacts on a locked phone without entering my passcode.
chekk is offline   3 Reply With Quote
Old Sep 19, 2013, 04:33 PM   #4
stephen1108
macrumors 6502a
 
Join Date: Sep 2007
Location: Ft. Lauderdale, FL
Maybe tomorrow's release of 7.0.1 will address this?
stephen1108 is offline   3 Reply With Quote
Old Sep 19, 2013, 04:34 PM   #5
RRmalvado
macrumors 6502
 
Join Date: May 2010
Pick one that the Applelogists will go for:

- Why are people keeping their Photos in the multitasking bar?
- I've never had that problem!!! This guy is just looking to create trouble for Apple.
- Go get an Android if you don't like the way the lock screen behaves.

In reality though, I'm sure this'll be fixed in 7.0.1 or 7.0.2.
RRmalvado is offline   7 Reply With Quote
Old Sep 19, 2013, 04:35 PM   #6
AppleMark
macrumors 6502a
 
AppleMark's Avatar
 
Join Date: Jun 2009
Location: The CCTV Capital of the World
Here we go again....

One of the reasons I wait a week or two before upgrading.
__________________
Although I may not always reply to negative comments, this will not necessarily mean that I concede the point.
AppleMark is offline   14 Reply With Quote
Old Sep 19, 2013, 04:35 PM   #7
campingsk8er
macrumors 6502
 
Join Date: Feb 2011
Location: Southern Maryland
Quote:
Originally Posted by stephen1108 View Post
I've always wondered how people stumble upon these vulnerabilities, then turn around and are even able to recreate them.
I'm thinking the exact same thing!!
campingsk8er is offline   3 Reply With Quote
Old Sep 19, 2013, 04:35 PM   #8
gaximus
macrumors regular
 
Join Date: Oct 2011
I wish since I don't have a passcode, that when I access the camera from the lock screen I could have the share option available when looking at recently taken pictures.
gaximus is offline   2 Reply With Quote
Old Sep 19, 2013, 04:36 PM   #9
TouchMint.com
macrumors 65816
 
TouchMint.com's Avatar
 
Join Date: May 2012
Location: Phoenix
deja vu... feel like this same thing happened during iOS6
__________________
TouchMint.com iOS App Site
Adventure To Fate iOS RPG Game Site
Indie iOS Game: Adventure To Fate : A Quest To The Core JRPG

TouchMint.com is offline   1 Reply With Quote
Old Sep 19, 2013, 04:37 PM   #10
aircanman
macrumors 6502
 
Join Date: Feb 2011
Location: UK
Do people have nothing better to do than to try and find ways to break iOS?
aircanman is offline   9 Reply With Quote
Old Sep 19, 2013, 04:37 PM   #11
notjustjay
macrumors 603
 
notjustjay's Avatar
 
Join Date: Sep 2003
Location: Canada, eh?
Quote:
Originally Posted by stephen1108 View Post
I've always wondered how people stumble upon these vulnerabilities, then turn around and are even able to recreate them.
Often just by playing around. Sometimes playing around leads to one thing which causes you to realize "Wait, what if I do this too?" and, whoops, you've stumbled on a path that nobody ever expected.

Then you realize you're in the "bad" state (I can see photos and I'm not supposed to be able to!) and the next step is to try to recreate the actions that got you there, until you distill it down to exactly what the problem is.

Then you file a problem report to the software guys and they can fix it...

Locking down software is kind of like locking down a physical room. It's easy to set up the obvious stuff -- put locks on the doors and windows -- but then you have to start thinking about the more far-fetched scenarios. What if you gained access to the boiler room, then snuck up through the ceiling tile? What if someone manages to find the spare key to the lock that you left in the bedroom? Thorough testing, and/or reports from accidental discoveries like this, are what's needed to plug up all the holes.

Quote:
Originally Posted by aircanman View Post
Do people have nothing better to do than to try and find ways to break iOS?
No software is perfect. Don't you want them to find the flaws so they can be fixed quickly?
__________________
.

Last edited by notjustjay; Sep 19, 2013 at 04:45 PM.
notjustjay is offline   9 Reply With Quote
Old Sep 19, 2013, 04:38 PM   #12
RedRaven571
macrumors 6502a
 
RedRaven571's Avatar
 
Join Date: Mar 2009
Location: Pennsylvania
Quote:
Originally Posted by stephen1108 View Post
I've always wondered how people stumble upon these vulnerabilities, then turn around and are even able to recreate them.
Me too! Really, you swipe up to show the control center, then you turn your car on and off 6 times in succession, while jumping up and down on your left foot, while eating an apple (a Granny Smith, specifically) and humming the theme to 'Gilligan's Island" and you will be able to see internet photos of your own privates......

WHO has the time to do this stuff?
__________________
“Oh, yeah. Oooh, ahhh, that's how it always starts. Then later there's running and screaming.”
- Dr. Ian Malcolm
RedRaven571 is offline   6 Reply With Quote
Old Sep 19, 2013, 04:38 PM   #13
Thierry ba
macrumors 6502
 
Join Date: Apr 2012
Location: Sarajevo, Bosnia
7.0.1 is out.

Thierry ba is offline   2 Reply With Quote
Old Sep 19, 2013, 04:38 PM   #14
Springman
macrumors newbie
 
Join Date: Aug 2013
Easy fix - just turn off access to the control center from the lock screen.

I too am amazed at how people figure this stuff out....ok, stand on one leg, wear an eye patch and bark like a dog. If you do those things then the software will hiccup.

Springman is offline   8 Reply With Quote
Old Sep 19, 2013, 04:41 PM   #15
RedRaven571
macrumors 6502a
 
RedRaven571's Avatar
 
Join Date: Mar 2009
Location: Pennsylvania
Quote:
Originally Posted by Thierry ba View Post
7.0.1 is out.
Mine still says up to date..... Is that a 5?
__________________
“Oh, yeah. Oooh, ahhh, that's how it always starts. Then later there's running and screaming.”
- Dr. Ian Malcolm
RedRaven571 is offline   0 Reply With Quote
Old Sep 19, 2013, 04:42 PM   #16
velocityg4
macrumors 68040
 
velocityg4's Avatar
 
Join Date: Dec 2004
Location: Georgia
Apple really needs to implement a full lockdown lockscreen option. Where all you can do is swipe to unlock. No playing music, emergency dialing, answering calls, silencing alarm, &c. Just complete and total lockdown for people with sensitive information.
__________________
Quadra 650 040 33MHz 72MB RAM, 2GB HD, 2x CD
Macbook C2D 2.0Ghz; 3GB RAM, 500GB HD
Home Made i5 4.0Ghz, GeForce 560 Ti, 16GB RAM, 256GB SSD RAID 0, 3TB HD RAID 0 in a G5 Case.
velocityg4 is offline   4 Reply With Quote
Old Sep 19, 2013, 04:42 PM   #17
KJmoon117
macrumors 6502a
 
Join Date: Jun 2007
Location: NC
The first thing I turned off when I installed iOS 7.

The control center is a bit too much power for someone to have over my phone if they don't know my passcode.
KJmoon117 is offline   7 Reply With Quote
Old Sep 19, 2013, 04:42 PM   #18
mikegrad
macrumors newbie
 
Join Date: Aug 2012
cant make it work

ive been trying to get this to happen, cant make it work on my 5.
mikegrad is offline   0 Reply With Quote
Old Sep 19, 2013, 04:42 PM   #19
TWSS37
macrumors 6502a
 
Join Date: Feb 2011
One moment you're getting praised for security, the next you're getting ripped for exploits
__________________
Nexus 6 Droid Turbo Moto 360
TWSS37 is offline   7 Reply With Quote
Old Sep 19, 2013, 04:43 PM   #20
DavidLeblond
macrumors 68020
 
DavidLeblond's Avatar
 
Join Date: Jan 2004
Location: Raleigh, NC
Quote:
Originally Posted by RedRaven571 View Post
Mine still says up to date..... Is that a 5?
7.0.1 is 5S and 5C only. That picture is clearly a 5S. Look at the home button.
__________________
iOS Developer

Last edited by DavidLeblond; Sep 19, 2013 at 04:44 PM. Reason: forgot to add 5C
DavidLeblond is offline   8 Reply With Quote
Old Sep 19, 2013, 04:43 PM   #21
volcom883
macrumors regular
 
Join Date: Sep 2008
Location: istanbul
Listen to this one then!

Even if you have the password lock on when you connect the iphone to any mac and open Image Capture app you can see and transfer all the videos&photos... (i bet you can also do it on pc too)

i thought this was gonna be fixed with ios 7 but it hasnt.

basically because of this i never give my phone to charge on a laptop at hotels and restaurants!!!

the funniest part: without entering the passcode if you take photos you can only see the ones you recently took... (i guess they wanted us to protect our photos here. thanks apple)
volcom883 is offline   1 Reply With Quote
Old Sep 19, 2013, 04:43 PM   #22
alexk403
macrumors member
 
Join Date: Jul 2012
Quote:
Originally Posted by Thierry ba View Post
7.0.1 is out.

Image
It's out for the iPhone 5S and 5C. Nothing else. Notice the home button tells you this is the 5S
alexk403 is offline   1 Reply With Quote
Old Sep 19, 2013, 04:43 PM   #23
tonybyatt
Guest
 
Join Date: Jul 2013
Ha...what a joke...and the Betas accomplished what?
tonybyatt is offline   1 Reply With Quote
Old Sep 19, 2013, 04:44 PM   #24
Decimotox
macrumors regular
 
Join Date: Jul 2013
I also have been trying to do this and it doesn't work on my iP5
Decimotox is offline   2 Reply With Quote
Old Sep 19, 2013, 04:45 PM   #25
RedRaven571
macrumors 6502a
 
RedRaven571's Avatar
 
Join Date: Mar 2009
Location: Pennsylvania
Quote:
Originally Posted by mikegrad View Post
ive been trying to get this to happen, cant make it work on my 5.
That's because you forgot to put your left index finger in your right ear....
__________________
“Oh, yeah. Oooh, ahhh, that's how it always starts. Then later there's running and screaming.”
- Dr. Ian Malcolm
RedRaven571 is offline   12 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > MacRumors.com News Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
CAmera access from lock screen drains battery Taylortwocities iOS 7 12 Feb 8, 2014 10:23 AM
iPhone: Restrict access to camera slider on lock screen? Ryan Burgess Jailbreaks and iOS Hacks 1 Jan 19, 2014 04:16 PM
Access Control Center on lock screen? Maskusee iOS 7 3 Sep 21, 2013 04:07 PM
Possilbe in iOS 7 to see email in notification center but not lock screen? durangojim iOS 7 10 Jul 31, 2013 07:40 PM
iOS 6.1 Bug Enables Bypassing Passcode Lock to Access Phone and Contacts MacRumors MacRumors.com News Discussion 188 Feb 21, 2013 03:03 PM

Forum Jump

All times are GMT -5. The time now is 11:18 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC