Your pictures are not secure on iOS 7

DarkViper338

macrumors newbie
Original poster
Jun 13, 2013
1
0
If you use a passcode on your iPhone (and you should), see if this works:

- Lock your phone
- Hit your home button to wake it up
- Instead of swiping to enter your passcode, open the new Control Center (up from the bottom)
- Open the Calculator
- Open the Control Center AGAIN
- Open the Camera
- Hit the photo in the left corner

See if you can see all the photos on the phone. I can.

I've also made it to the home screen from here once or twice without a passcode, but can't reproduce that right now. Maybe if other people try it.
 

C DM

macrumors Sandy Bridge
Oct 17, 2011
48,133
16,399
In all these cases, are you sure your passcode is activated when you try doing any of this? Basically, did you try unlocking first to see that you are actually prompted for a passcode, before going back to the lock screen and trying it all?

What I've personally noticed is that the passcode prompt for me sometimes simply doesn't get activated. Let's say if I have it say to prompt after 5 minutes, and 5 minutes pass (or sometimes even 10 or 15) and I try to unlock my phone, I can sometimes do it without being prompted for my passcode. Perhaps that might be the underlying issue.
 

0000757

macrumors 68040
Dec 16, 2011
3,894
842
It's due to the way Control Center handles quick launching the programs.

Control Center treats the Lock Screen as the home screen or another app, which is why you can do that.

Of course it's obviously a beta issue. Future betas will probably have Control Center function with the lock screen as the lock screen and block launching without inputing a passcode.

Unless of course you don't use a password, in which case you were already vulnerable. :p

----------

In all these cases, are you sure your passcode is activated when you try doing any of this? Basically, did you try unlocking first to see that you are actually prompted for a passcode, before going back to the lock screen and trying it all?
I can confirm it does even with the passcode active. See what I wrote above.
 

FlatlinerG

macrumors 6502a
Dec 21, 2011
711
5
Ontario, Canada
In all these cases, are you sure your passcode is activated when you try doing any of this? Basically, did you try unlocking first to see that you are actually prompted for a passcode, before going back to the lock screen and trying it all?

What I've personally noticed is that the passcode prompt for me sometimes simply doesn't get activated. Let's say if I have it say to prompt after 5 minutes, and 5 minutes pass (or sometimes even 10 or 15) and I try to unlock my phone, I can sometimes do it without being prompted for my passcode. Perhaps that might be the underlying issue.
Yup, I even have an exchange account on my iPhone which requires a passcode. I haven't not used a passcode in ages.
 

PrometheusGeek

macrumors regular
Mar 19, 2012
231
0
If you use a passcode on your iPhone (and you should), see if this works:

- Lock your phone
- Hit your home button to wake it up
- Instead of swiping to enter your passcode, open the new Control Center (up from the bottom)
- Open the Calculator
- Open the Control Center AGAIN
- Open the Camera
- Hit the photo in the left corner

See if you can see all the photos on the phone. I can.

I've also made it to the home screen from here once or twice without a passcode, but can't reproduce that right now. Maybe if other people try it.
Good find. But, this is a Beta, and if you're using it legally (as a registered Dev), then you've consented to an NDA. You shouldn't be posting this kind of finding on a public forum. It should be reported directly to Apple because that's the whole point of Betas.
 

TillysWily

macrumors regular
Jun 8, 2011
204
16
I can confirm that this does happen with the pass code set. I swiped to make sure it asked for a passcode then went back and tried it and yes I can look at my pictures. I'm sure this will get fixed in future builds. I will be pissed though if they make u use your passcode to look at the control panel!!!!!
 

C DM

macrumors Sandy Bridge
Oct 17, 2011
48,133
16,399
For the time being I ended up disabling Control Center on the lockscreen anyway so as not that much access to various phone functions are available on the phone (whether or not there are any bugs with passcode requirements).
 

0000757

macrumors 68040
Dec 16, 2011
3,894
842
I can confirm that this does happen with the pass code set. I swiped to make sure it asked for a passcode then went back and tried it and yes I can look at my pictures. I'm sure this will get fixed in future builds. I will be pissed though if they make u use your passcode to look at the control panel!!!!!
They won't make it so you have to enter a password to, it'll probably just be handled where tapping one of the quick apps prompts the password, similar to how in iOS 5 and 6, when you quick launch the camera and then hit the home button it asks for your password.
 

BFG86

macrumors 6502
Oct 14, 2011
397
88
weird i didn't even know you could slide to the right instead of entering the passcode. just assumed you had to enter the passcode to see the lock screen. wish they could disable that
 

AlphaDeuce

macrumors newbie
Jun 7, 2013
24
0
Nor-Cal
Good find. Be a good beta tester and detect bugs, report it, confirm fixes in the next build, and be glad you helped out the iOS community.
 
Last edited:

C DM

macrumors Sandy Bridge
Oct 17, 2011
48,133
16,399
weird i didn't even know you could slide to the right instead of entering the passcode. just assumed you had to enter the passcode to see the lock screen. wish they could disable that
Disable what exactly?
 

M87

macrumors 65816
Jul 18, 2009
1,224
224
You can disable Control Center on the lock screen. Either way, this is a beta and hardly worth freaking out over.
 

Gutwrench

Contributor
Jan 2, 2011
4,125
9,378
Thank you for posting this OP. Beta or not it should be out in the open for people to know about.
 

tymaster50

macrumors 68030
Oct 3, 2012
2,785
7
New Jersey
Thank you for posting this OP. Beta or not it should be out in the open for people to know about.
Be it as it may, it's not like it poses a huge security risk. To do this you would have to let someone use your phone, or get it stolen from you and I doubt their first thought would be to look through your photos lol. The new find my iPhone makes it useless anyway if it's stolen
 

snerkler

macrumors 6502a
Feb 14, 2012
926
26
It's only those pics on your camera role anyway, I can't access all my photos this way. I don't keep a lot in my camera roll as I organise them into specific folders.
 

WeegieMac

Guest
Jan 29, 2008
3,274
1
Glasgow, UK
Good find. But, this is a Beta, and if you're using it legally (as a registered Dev), then you've consented to an NDA. You shouldn't be posting this kind of finding on a public forum. It should be reported directly to Apple because that's the whole point of Betas.
Really?

How long have you been a member here?

"This kind of finding" has been reported with every iOS beta since I've been here. The ability to update to a beta via "Check For Update" has been there since iOS 5, and knowing Apple I'm sure they're well aware. They've not plugged it for a reason, because they get as much real world user data from the nerds among us (me included) as well as legit developer reports.

No one has ever been dragged to court for breaking the holy NDA in all my years using and posting about iOS and OS X betas. No one on YouTube has has their iOS 7 videos pulled yet. Same as with previous betas.

I think you need to remove that stick from somewhere.
 

KeanosMagicHat

macrumors 65816
May 18, 2012
1,499
517
Don't know whether the OP was one of the first to spot it (props if you were), but this is now being reported as a known exploit.

Doesn't affect me as I wouldn't want others to have access to the control centre when my phone is locked so disabled it in the settings.

I can still get to the music controls with the old Double Tap method - so that's good enough for me.