Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

iOS 7 Lock Screen Vulnerability Gives Access to Photos, Email

Me too; as soon as I saw the new settings for the Control Center in Settings, I disabled it.

However, you can still ask Siri to do a lot of stuff, including revealing the contents of your address book, etc. even when locked.

KJmoon117 said:
The first thing I turned off when I installed iOS 7.

The control center is a bit too much power for someone to have over my phone if they don't know my passcode.
Click to expand...
 
Lock means Lock

I don't understand why we 'lock' our phone, but oh, I do want easy access to this, or to that, or to do this fun little feature. Lock the mother up. Period. I get it, it should work. One of the first things I did was disable my control center from showing up in the lock screen. Duh . . . . :)
 
velocityg4 said:
Apple really needs to implement a full lockdown lockscreen option. Where all you can do is swipe to unlock. No playing music, emergency dialing, answering calls, silencing alarm, &c. Just complete and total lockdown for people with sensitive information.
Click to expand...

You can. Did you read? You can disable Notification Center and Control Center on the Lock screen. That would avoid what''ver is going on here.

That said, I've been unable to reproduce this hack on my iPhone 4.
 
I guess developers and beta testers were unable to find this bug, ha. Or, is this guy smarter than the rest.
 
legacyb4 said:
However, you can still ask Siri to do a lot of stuff, including revealing the contents of your address book, etc. even when locked.
Click to expand...

Yes, I noticed that today. Siri easily gave out my address from the lock screen. Was it like this in iOS6? They should really do something about it.
 
always amazes me that people most likely spend hours on the lock screen, pressing every combination of buttons and functions, guess he tried that with the flashlight, airplane mode and all that aswell just to find something like this.

if tried this exactly 25 times now, succeeded once. Not exactly effective if you are under time pressure is it.
Oh and, plug the phone into a mac, open image capture, and baaam, all photos at your disposal.
 
Ahh… I did it. It works.

Just make sure you turn off the "Accessibility Shortcut" in General > Accessibility. Uncheck all the options. Also, you need to do it quickly before the "Cancel" button goes all the way down the screen, and try to hold your second press of the Home Button just a slightly little bit longer.
 
This vulnerability proves the need for TouchID even more.

The main reason for all these easy-to-do things on the lockscreen is that you want to get to something quickly without having to swipe and type in your passcode. I just want to take a picture, not spend 5 seconds to do that first.

With the fingerprint scanner, just grab the phone with your finger holding the fingerprint scanner, and you're unlocked in less than a second, and you have access to that camera right away. No real need for that lock screen functionality like you used to be.
 
confirmed on a 4 and 5 both running 7.0. Was able to send out iMessages from the devices. Best fix is disabling control center access from the lock screen.

----------
virginblue4 said:
Cannot replicate it for the life of me on my iPhone 5.
Click to expand...

i was able to reproduce this on a 4 and a 5. the 5 was extremely touchy on doing it - i had to try four times on a 5 before it worked - but it *did* work.
 
tokevino said:
With passcode lock setting to "immediately", I am unable to duplicate this behavior whatsoever. The video demo does not seem to indicate the device's passcode lock setting period, so I do not buy this story until further proof.
Click to expand...

This!

Only when I have "require passcode" set to anything other than "immediately" am I able to get the "exploit" to work. And then it's only because the required amount of time since I locked it hasn't elapsed yet to actually require a passcode to unlock it.
 
BC2009 said:
I agree, but I discovered a side effect... No more AirPlay control from the lock screen if music is playing. Apple pulled the AirPlay button from the playback controls on the lock screen as well as in the Music app. I have already submitted feedback to bring the AirPlay button back. If you disable Control Center while in an app there is no way I could find to activate AirPlay while in the Music app playing music. This is definitely a usability flaw.
Click to expand...

Same for orientation lock. In several situations, it's impossible to even open Control Center within an app because it won't respond if a keyboard is displayed along the bottom of the screen, for example. So I need to leave the app or that mode of it, open Control Center, change the setting, and then return to the app. Big usability flaw for something that was trivial to do before.
 
chrismac2 said:
This!

Only when I have "require passcode" set to anything other than "immediately" am I able to get the "exploit" to work. And then it's only because the required amount of time since I locked it hasn't elapsed yet to actually require a passcode to unlock it.
Click to expand...

Hmmm, maybe that's why I was also unable to reproduce this "exploit". I changed my setting to Immediately to test it out and it wasn't working. It's obvious that access would be granted within any other allowed time period.

Gonna test that theory now...
 
I got this to work on my iPhone 5 and even more, I was able to navigate the whole phone after.

Here's what I did:

After pressing the cancel button for powering down on the clock app, I press the home button until the apps displayed and kept clicking on the photo album until it opened up, then even scarier, I simply pressed the home button and was able to have FULL access to the iPhone. Can anyone else confirm this?
 
There are two sides to security of anything from a house to an iOS device. A) One side must anticipate every conceivable way a person might try to get in and set up security to prevent that from happening while still allowing the house (or device) to be accessed without hassle by the rightful owner, B) The one looking for the single vulnerability that was missed.

I think Apple has done a great job of adding security without it being in the way and I am sure they will continue to improve security with updates as they always have. A device that is totally secure would be one that is powered down, placed in a steel box and the lid welded shut. That would make it a bit difficult to use.
 
Oh thanks, hackers

I just tried this and "iPhone is disabled." These guys live in a netherworld. Oh, wait, they're "security researchers."
 
For all those who can't replicate the bug. First try turn off your "Accessibility Shortcut" (triple-click home button) in Accessibility.
 
kwikdeth said:
confirmed on a 4 and 5 both running 7.0. Was able to send out iMessages from the devices. Best fix is disabling control center access from the lock screen.

----------



i was able to reproduce this on a 4 and a 5. the 5 was extremely touchy on doing it - i had to try four times on a 5 before it worked - but it *did* work.
Click to expand...

I believe that it works I just cannot replicate it at all. Tried over 15 times! Oh well, suppose that's not a bad thing haha ;)
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back