Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Iphone 5 security Flaw

A

AusTracka

macrumors newbie
Original poster
Jul 21, 2015
8
0
Australia
After giving apple the opportunity to rectify the issue and replace my handset both in store and also multiple emails, I have now posted online. see the attached link.

Security flaw is regardless of turning the mobile hotspot feature off, the phone still broadcasts a network and can be remotely "activated" by another phone(iphone 6) WITHOUT the password. The genius bar attendant advised that they had never seen the issue before and suggested that I check my bank account for any suspicious transactions.... NOTE: the Iphone 6 was brand new and never connected to this device before.

If it was my business, I would replace the phone immediately and send the phone to the engineers for further testing......

 
AusTracka said:
Security flaw is regardless of turning the mobile hotspot feature off, the phone still broadcasts a network and can be remotely "activated" by another phone(iphone 6) WITHOUT the password. The genius bar attendant advised that they had never seen the issue before
Click to expand...
The genius bar should be aware of the "Instant Hotspot" feature, which is what's being shown in the video. Two devices, signed into the same iCloud account, can share a cellular data connection.
The authentication happens via the iCloud account, not via wifi password. Devices which aren't signed into the same iCloud account cannot use this feature and this isn't a security flaw.
http://9to5mac.com/2014/10/26/yosemite-ios-8-how-to-set-up-and-use-instant-hotspot/
 
  • Like
Reactions: Chatter, Lancetx, Applejuiced and 2 others
Isn't that a feature?
You state the iPhone 6 is brand new - but I presume signed in to your iTunes account?
You are able to remotely initiate the hotspot from one of your other signed in devices part and parcel of "Continuity"
 
  • Like
Reactions: Applejuiced and aristobrat
AusTracka said:
Security flaw is regardless of turning the mobile hotspot feature off, the phone still broadcasts a network and can be remotely "activated" by another phone(iphone 6) WITHOUT the password.
Click to expand...
Here's an Apple article regarding this feature. It basically says what chrfr and MDF84 said.
OS X Yosemite: Connect to the Internet using Instant Hotspot

Use Instant Hotspot on your iPhone (with iOS 8) and iPad (cellular models with iOS 8) to provide Internet access to your Mac computers and other iOS devices (with OS X Yosemite or iOS 8) that are in range and signed into iCloud using the same Apple ID. Instant Hotspot uses your iPhone or iPad Personal Hotspot—you don’t have to enter a password or even turn on Personal Hotspot.
Click to expand...
 
Applejuiced said:
Another newbie with a wild story:D
Its designed to work like that between shared accounts and it will not work the same with random strangers devices.
Click to expand...
IMO, he had a valid concern, and it sounds like the Genius Bar botched up a chance to explain to him how it worked. Not sure my next step would be posting it up as a security flaw (vs. posting up asking if it was behavior someone else had seen before), but to each their own. :)
 
  • Like
Reactions: Applejuiced
Applejuiced said:
Another newbie with a wild story:D
Its designed to work like that between shared accounts and it will not work the same with random strangers devices.
Click to expand...

Ok Applejuiced, maybe the genius bar "NEWBIE" attendant who could see my hotspot on their phone from their personal phone somehow obtained my password and logged in to my icloud??.

Thanks for the feedback anyway, i've now got a reply to my email so the post has worked.
 
AusTracka said:
Ok Applejuiced, maybe the genius bar "NEWBIE" attendant who could see my hotspot on their phone from their personal phone somehow obtained my password and logged in to my icloud??
Click to expand...
Rather than be argumentative, provide some details for a discussion. Both devices are not yours? Which version of iOS is on each? Is either device jailbroken?
The video does not show anything other than expected behavior if iCloud/Continuity/Instant Hotspot are configured.
 
  • Like
Reactions: Applejuiced
Applejuiced said:
A valid concern that could have easily being answered/debunked with a quick search online.
Click to expand...

Nothing valid about a genius bar attendant been able to see my phones hotspot when it is physically switched off ? Since getting the phone replaced by apple in August last year the diagnostics show it has been recharged over 520 times. Most weekdays the phone is flat by lunchtime and requires recharging(weekdays when its switched on)
 
AusTracka said:
Nothing valid about a genius bar attendant been able to see my phones hotspot when it is physically switched off ? Since getting the phone replaced by apple in August last year the diagnostics show it has been recharged over 520 times. Most weekdays the phone is flat by lunchtime and requires recharging(weekdays when its switched on)
Click to expand...

Seeing a hotspot name it's not a security flaw.
And neither is a bad battery life or any other hardware issue you were having.
 
chrfr said:
Rather than be argumentative, provide some details for a discussion. Both devices are not yours? Which version of iOS is on each?
The video does not show anything other than expected behavior if iCloud/Continuity/Instant Hotspot are configured.
Click to expand...

Argumentative ? I simply posted my issue with replys that it was not a problem. Both devices are mine, I attended an apple store with the issue of the phone going flat halfway through the day and that the hotspot is visible to others. The "deactivated" hotspot was visible on their personal iphone. After upgrading to 2 x iphone 6's, both of these phones could see my iphone 5's hotspot.
 
Applejuiced said:
Seeing a hotspot name it's not a security flaw.
And neither is a bad battery life or any other hardware issue you were having.
Click to expand...

OK, so if you have physically deselected the mobile hotspot feature and your phone continues to broadcast this and allows other devices without a password to activate it and connect you don't see this to be an issue ? OK...
 
AusTracka said:
OK, so if you have physically deselected the mobile hotspot feature and your phone continues to broadcast this and allows other devices without a password to activate it and connect you don't see this to be an issue ? OK...
Click to expand...


It only allows that to devices signed into your icloud ID.
Its a feature meant to work like this. You still dont get it or you just act like you don't?
It works like that with only your phones logged into your itunes account. How many times do they need to explain it to you?
 
  • Like
Reactions: MDF84
Applejuiced said:
It only allows that to devices signed into your icloud ID.
Its a feature meant to work like this. You still dont get it or you just act like you don't?
It works like that with only your phones logged into your itunes account. How many times do they need to explain it to you?
Click to expand...

OK applejuiced, Please re-read my posts. I will rewrite to make it clear. I have never disclosed my icloud account details to the genius desk operator or any other person for that matter. I asked the genius bar operator to get out their phone and search for my device to which they were able to within seconds. The "wireless hotspot" tab was deselected on my Iphone 5 yet the genius bar operator was STILL able to see my phones SSID on his. have I missed something ?
 
chrfr said:
Rather than be argumentative, provide some details for a discussion. Both devices are not yours? Which version of iOS is on each? Is either device jailbroken?
The video does not show anything other than expected behavior if iCloud/Continuity/Instant Hotspot are configured.
Click to expand...

Hi Chrfr, No neither device ever jailbroken. Brand new Iphone 6 only 20mins old, 8.3(12F70)
Iphone 5 8.4(12H143)
 
Earlier you said it was accessed with 2 other of your signed in phones and we explained to you that yes because you all use the same icloud, now you're saying that is was accessed by an employee's iphone.
Sorry, not buying your crazy story...
 
  • Like
Reactions: MDF84
Applejuiced said:
Earlier you said it was accessed with 2 other of your signed in phones and we explained to you that yes because you all use the same icloud, now you're saying that is was accessed by an employee's iphone.
Sorry, not buying it your crazy story...
Click to expand...

Yes I agree with what your saying Applejuiced, 100% it was able to be accessed by 2 x Brand new iphone 6 phones on Saturday(2 days ago). to prove this point I requested that the apple genius bar attendant get out his personal mobile and check for hotspots. when he searched he was able to see my hotspot that was supposed to be switched off(he was physically watching the phone). his comment was "that's not supposed to happen" check your bank accounts for any suspicious activity if you bank on your phone........

I will also mention for your benefit Applejuiced that he took it out the back and commented that the issue had not been seen by them before and was possible related to my screen that was replaced aftermarket as they had seen on board chips replaced previously. At the time of the screen damage I was in a very remote area and could not travel to an apple store(10hr round trip) to get it replaced and fixed to working order. I would have gone to an apple store if it was within a couple of hour drive........
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back