Hey!
Back in July with Beta 3 I think I ran into a (one time) password bypass: My phone was locked after restart (no FaceID) and I started typing my password while it was attached to a power cord. Holding the phone "in landscape" (I lay in bed) triggered StandBy and the "This is the new landscape mode" onboarding screen appeared. To my surprise the phone was unlocked once I clicked the continue button. Since the onboarding screen is only shown once, unfortunately I cannot reproduce it myself.
I created an issue (FB12669578) in the Feedback Assistant on July 19th and because of the possible security implications I did not publicly ask others if this is happening to others. I did not get any feedback from Apple and with the public launch being this close I would like to ask you: If you have never seen StandBy mode, could you
- restart the phone (to turn off FaceID)
- connect it to a power cable
- start typing your password
- hold it parallel to the ground (i.e. in landscape)
- wait for StandBy mode to trigger
- press "okay"/"continue" on the onboarding screen
- is your phone unlocked now?
There is a tiny chance that I actually finished typing my password, but the moment the info screen popped up I felt like "Damn, I was almost done typing my >10 character alpha-numeric password and now the screen appears". Also it was in Beta 3, so even if this was an issue, it could have been fixed since then.
Back in July with Beta 3 I think I ran into a (one time) password bypass: My phone was locked after restart (no FaceID) and I started typing my password while it was attached to a power cord. Holding the phone "in landscape" (I lay in bed) triggered StandBy and the "This is the new landscape mode" onboarding screen appeared. To my surprise the phone was unlocked once I clicked the continue button. Since the onboarding screen is only shown once, unfortunately I cannot reproduce it myself.
I created an issue (FB12669578) in the Feedback Assistant on July 19th and because of the possible security implications I did not publicly ask others if this is happening to others. I did not get any feedback from Apple and with the public launch being this close I would like to ask you: If you have never seen StandBy mode, could you
- restart the phone (to turn off FaceID)
- connect it to a power cable
- start typing your password
- hold it parallel to the ground (i.e. in landscape)
- wait for StandBy mode to trigger
- press "okay"/"continue" on the onboarding screen
- is your phone unlocked now?
There is a tiny chance that I actually finished typing my password, but the moment the info screen popped up I felt like "Damn, I was almost done typing my >10 character alpha-numeric password and now the screen appears". Also it was in Beta 3, so even if this was an issue, it could have been fixed since then.