iOS 7 Lock Screen Vulnerability Gives Access to Photos, Email

[crawler1975]

not my case

[url=http://cdn.macrumors.com/im/macrumorsthreadlogodarkd.png]Image[/url]


There appears to be a lock screen vulnerability in iOS 7 that allows access to a device's photos, email, and social networking accounts. According to Jose Rodriguez, who provided a video of the bug to Forbes, a simple set of gestures gives unwarranted access to a device running iOS 7.

The exploit can be initiated by swiping upwards on the device's lock screen to access the Control Center and open the Clock app. Once the clock app is open, holding the phone's sleep button will cause the "Slide to Power Off" option to appear. Tapping on cancel at this juncture and then double clicking on the home button will open the phone's multitasking screen, providing access to the camera and the photos on the device. The key to the trick, however, is to access the camera app from the lock screen first, causing it to appear in the recently used apps list.

Because the photos from the camera app can be shared via Flickr, Twitter, Facebook, and email, an intruder can also gain access to those apps using the sharing tools.

YouTube: video​

Apple has been plagued by lock screen vulnerabilities multiple times over the course of the year, with a bug appearing in iOS 6.1 that allowed lock screen access to the phone when the emergency call function was manipulated.

The current iOS 7 vulnerability can be avoided by preventing the Control Center from appearing on the lock screen. The setting can be turned on by opening the Settings app, selecting "Access on Lock Screen" and toggling it off.

Update: Apple has told AllThingsD that it is working on a fix.

Article Link: iOS 7 Lock Screen Vulnerability Gives Access to Photos, Email

I tried this using my iphone4 with the newly downloaded IOS7... it didn't work - it went back to my lock screen.. it must be an issue with iphone5 or maybe 4s ..

 

[goobot]

Is the exploit that is mentioned above fixed in the new release?

It's just 5s and 5c fixes.

 

[macsrcool1234]

Do people have nothing better to do than to try and find ways to break iOS?

Are you serious? You should be thankful. Facepalm

----------

I guess the looney that figured this out either:
1) Wasn't a developer,
2) Didn't bother to illegally DL a beta, or
3) found it out during beta testing but waited until iOS 7 was officially out to reveal his/her discovery and make a big deal of it.

4) Stumbled upon it after you know, a new version was released to millions of new people.

Take your tin foil hat off, not everybody is in a conspiracy against Apple.

 

[lukabrasi187]

makes no sense, if apple new of the problem then why the hell didnt they didnt address the issue during beta

 

[Itpirate]

I was able to recreate the bug on both my iPhone 5 and my Ipad2. GJ apple.....

 

[inscrewtable]

Doesn't work on iPod Touch

 

[WestCoastPro]

makes no sense, if apple new of the problem then why the hell didnt they didnt address the issue during beta

*knew

 

[iChrist]

I've always wondered how people stumble upon these vulnerabilities, then turn around and are even able to recreate them.

It's a pretty easy way in. Actually I'm not sure how Apple could make that gross of an oversight. Allowing access to multi-tasking from a locked phone. Nice.

 

[apolloa]

This exploit is pretty easy to do, I can do it fine. Hmm not good.

 

[inscrewtable]

I've always wondered how people stumble upon these vulnerabilities, then turn around and are even able to recreate them.

I suppose it's a lot easier than other things people seems to stumble upon like discovering that a highly toxic plant that will kill you is in fact delicious and edible if cooked in boiling water with the leaves of some other related plant for 2 hours. I mean how many people died first.

Or that japanese fish that will kill you 100% if you eat the wrong bit. What happened there? Someone ate the fish and died. This happens a few times then someone say 'oh maybe I can try it and not eat this bit', then they die, and someone else tries not eating a different bit and they die. After hundreds of people die suddenly someone lives and wa la, the secret is discovered, instant japanese delicacy.

 

[vpro]

brilliant!

It is a real travesty the naivety of consumers, to bypass the truth that - security is simply in place to protect the company from thieves attempting to resell their over-priced gadgets, not really to protect the owners security at all. ALL is - just an illusion, selling the "sense of security" - that's all. People who really want to get information will get it - they are out there and they are many steps ahead, they are devoted to getting information they need. The average consumer has only their pathetic ID and -$4 bank accounts to lose while a small number of consumers have way more to lose and hide than that. At the end of the day, it is all worthless, it is just a stupid fone. HAH!

 

[kazmac]

thanks for posting how to prevent the access

I appreciate being able to prevent this so easily. That Apple is working on a fix is even better, but at least there is something which can be done immediately.

 

[RedOrchestra]

WHO CARES!!!

99.9999999999999999999999999% of the people who steal a phone

along with

99.9999999999999999999999999% of the people who buy the phone

could care less.

it's a flip - the steps required are way to complex for the fencers and fencees.

 

[george-brooks]

Didn't work for me on my iPhone 5 running iOS 7

 

[RedOrchestra]

AND, if you carelessly lose your phone, you deserve to be hacked!

 

[ikramerica]

WHO CARES!!!

99.9999999999999999999999999% of the people who steal a phone

along with

99.9999999999999999999999999% of the people who buy the phone

could care less.

it's a flip - the steps required are way to complex for the fencers and fencees.

This one is bad though because basically, a "friend" in highschool can "borrow" your phone, take pictures, then upload them to YOUR facebook account. Or upload any pic on your phone to your facebook. Ouch...

Of course I'm not in highschool and that won't happen to me because I don't use facebook, but it still would suck for others.

 

[thebeans]

To the left of the speaker, in the photo, there is a round 'something' that my iPhone 5 doesn't have?

Flash for front camera?

The 5 does have that "something". It is the proximity sensor. I have a 5 and it looks just like that at the top. It is not very visible on the black iPhone.

 

[steiney]

I wish since I don't have a passcode, that when I access the camera from the lock screen I could have the share option available when looking at recently taken pictures.

Jailbreak on iOS 6 and install CameraTweak. It enables that. I feel your pain though. I hate the lack of a share button in the preview pane of the camera app.

 

[baileyw813]

I have iPhone 5 gsm and I can not reproduce this issue. I have tried it a dozen or so times. It it only a 4 or 4s issue? My phone always kicks me back to the lock screen. And there is no 7.0.1 update for iPhone 5... Says I'm up to date with 7.0.0

 

[RedOrchestra]

This one is bad though because basically, a "friend" in highschool can "borrow" your phone, take pictures, then upload them to YOUR facebook account. Or upload any pic on your phone to your facebook. Ouch...

Of course I'm not in highschool and that won't happen to me because I don't use facebook, but it still would suck for others.

IF you lend your phone out, you are responsible for your actions!

 

[gentlefury]

7.0.1 is out.

Image

It's only out for 5s.

 

[cuestakid]

I am able to re-produce all parts except getting into email. I can get to the clock and get to the multi tasking, but i cannot get into the mail app to view the emails. I can however, get into the camera app and share various things.

has anyone been able to get access to the mail app and view emails?


This control center better be something that us in IT can disable-otherwise they will have a hard time convincing IT departments to switch. This, combined with the really easy ability to turn on airplane mode is not going to sit well with those who are responsible for mobile device security.

 

[ElTorro]

Pick one that the Applelogists will go for:

- Why are people keeping their Photos in the multitasking bar?
- I've never had that problem!!! This guy is just looking to create trouble for Apple.
- Go get an Android if you don't like the way the lock screen behaves.

In reality though, I'm sure this'll be fixed in 7.0.1 or 7.0.2.

So true

 

[white4s]

jobs is looking down on cook shaking his damn head

 

[griz]

Is this really a bug?

The one thing he neglects to show is him re-locking the phone. He unlocked it, but if he has it set to relock after 1 minute, then the phone really isn't locked. I can consistently repeat the behavior shown and access any app in my multitasking manager when my phone is set to relock after 1 minute. But setting it to lock immediately, I can not repeat this behavior.
This is the way the phone would work through the camera on old systems as well. So is this really a bug or a lack of understanding of when the phone is actually locked?
Since Apple has confirmed that a fix is coming I would think it real. But I can not repeat it as show when I set lock to immediate. Which is how I will leave it.

Edit:
Thought I would mention. I am on an iPhone4, and as others have mentioned, i don't think it works on the 4. So maybe that is why I can't repeat it.

Edit:
Confirmed it on my iPad Mini and now on my iPhone4. Took many tries to get the timing of the home button double tap after pressing cancel. Was much easier on the Mini. Here comes 7.0.1.