iOS 7 Lock Screen Bug Leaves Certain Apps Vulnerable For Access
MojoKid writes "News of a proven security vulnerability involving Apple iOS 7 has started making the rounds. The exploit specifically involves the lockscreen, the most common piece of security that stops an unauthorized individual from gaining access to anything important on your phone. The 'hack,' if you want to call it that, is simple: Swipe up on the lock screen to enter the control center, and then open the alarm clock. From there, hold the phone's sleep button to bring up a prompt that will ask you if you wish to shut down, but instead of doing that, hit the cancel option, and then tap the home button to access the phone's multi-tasking screen. With access to this multi-tasking screen, anyone could try opening up what you've already had open on your phone. If you had Twitter open, for example, this person might be able to pick up where you left off and post on your behalf. Or, they could access the camera — and of course, every single photo stored on the phone."
The new iPhone models were released today; iFixit has a teardown of the iPhone 5s, giving it a repairability score of 6/10.
Protect your iPhone with a host file (Score:1, Funny)
In loving memory of apk.
Re: (Score:2)
Not the host file, the HOSTS file!! $10,000 challenge!
With the NSA storing your every move (Score:3, Insightful)
this is the least of your worries.
Re:With the NSA storing your every move (Score:5, Insightful)
You know, because that applies to every security story and adds no specific value to any of them, you just have to say it once and then stop.
Re:With the NSA storing your every move (Score:4)
It is annoying. This overreach is even one of my pet causes, but this spam makes people who think it is dangerous look bad.
Re:With the NSA storing your every move (Score:5, Insightful)
My chief complaint is that it's an either-or proposition which makes it seem like we should just disregard all other security failures just because we're operating under a single massive one.
Re: (Score:2)
Yes, they can't really believe that - they are just trying to inject their pet cause everywhere... as if Slashdotters aren't aware already. It's like the Bush trolls from a few years back.
Fingerprints (Score:1)
One of my friends raised an interesting question:
How can we be sure that the fingerprints stored on the device aren't being retrieved by various intelligence agencies?
Re: (Score:2)
Because they'd be awful low-rez fingerprints?
Re: (Score:2)
If you want to go full on paranoid, that everything you are told might be a lie, they might be. But why ask the question here? We might be lying.
If however you're interested in the technology, an image of the fingerprint isn't stored anywhere. The fingerprint scanner creates a hash, and that is stored in a dedicated secure area in the CPU, salted with a UID from the phone. It's not possible to recreate an actual print from the hash, even if the hash were accessible from software, which it's not.
There's cert
Re: (Score:1)
I can see how you can store a hash of a strict item, but wouldn't a fingerprint have enough "fuzzy" difference between inputs in it that making a hash wouldn't work?
Re: (Score:2)
Obviously Apple aren't giving full information about how it works. But the hashing part has been mentioned in several places.
This is the best source of information I found. It includes both what Apple have revealed, together with some informed speculation.
http://www.techhive.com/article/2048514/the-iphone-5s-fingerprint-reader-what-you-need-to-know.html [techhive.com]
Actually the most interesting part is that the scanner takes a capacitative rather than optical image. Which explains why the lens isn't transparent (to visi
Re: (Score:1)
Thanks for the link, it's rather informative.
I wonder if this reader will be susceptible to dry-finger issues common to touchscreens? Generally an uncovered screen is better, but with a protective film (likely not needed on the fingerprint reader) dry fingers tend to work poorly. On really dry days, even the straight screen can be a little dicey.
Reminds me of this Windows gif (Score:5, Funny)
Windows login gif.
http://i.imgur.com/fqjnK.gif [imgur.com]
Re: (Score:2)
That's a bit complicated isn't it? I know in a lot of versions, you could just hit escape and you'd be dumped onto the desktop.
Re: (Score:2)
I remember this hole on one major UNIX in the '90s (company is now gone), if you had access to its xdm login via local access or XDMCP. The username window will pop up a help box, with an option to redirect the output of a lpr command.
So, a simple, "| xterm" typed in got you a root shell immediately.
This was patched in the next minor rev, but it was a fairly gaping hole at the time.
Re: (Score:2)
The problem was the Windows 9x dialog was not for logging in, but for entering your network credentials so you can access network resources.
Clicking cancel merely meant you couldn't access a network fileshare without rebooting and re-entering the credentials there.
I think it took until XP before you could actually log into a fileserver using alternative credentials...
Alas, the dialog was so poorly worded that many people thought you could use it to password protect your PC, but no. It just set your network
Re: (Score:2)
Turn in your geek card.
No, it just means he's at least 25 years old.
Re: (Score:3)
Because those of us who value privacy would like our phones to remain locked until we unlock it ourselves. I'd hate to have my email accounts and photos read or copied simply because I misplaced my phone and someone else found it.
Re: (Score:3)
No luck on the iPhone 4 either. I wonder if there's some configurational wrinkle that's missing.
Re:Could not replicate (as many others can't) (Score:4, Informative)
I tried a good 10 times on my 4 before I got it to work - it's not mentioned and an easy bit to miss in the video: as soon as you tap close you have to do the double-tap on the home button and hold the second tap a little longer than a second maybe. The key though is to do this AS SOON as you hit "Cancel." How this person ever came across the flaw is beyond me, but good poking. Someone should hire her for a QA team.
Re: (Score:1)
Phone security will never be, and we should acknowledge it then.
I guess...that's the thinking.
Then the question is just how insecure are we okay with?
Re: (Score:3)
Works for me on a regular 4. You cannot launch new apps but previously opened apps that are running are accessible.
When I tried it (on an iPhone 5), it does seem - as in the demo video - the apps have to have been opened very recently.
This seems to be related to how iOS 7 handles multitasking. I wonder if disabling background updating of apps would fix it? Later yesterday (after I played around trying to replicate this bug) I disabled background updating, mainly to try to address the poor battery life suckage iOS 7 seems to have introduced on my phone...
Re: (Score:2)
Yeah, I went looking for that setting pretty quickly because you're absolutely right - it went from "interesting" to "meh" to "how the heck do I disable that?" over the course of a couple hours.
It perhaps works better with their own wallpapers, but I use my own photos and it got annoying pretty quick.
Re: (Score:1)
On my first try the programs showed up for half a second then it went back to the lock screen. The second try it worked just fine but when I tried to open the "desktop" (I'm new to the phone so I don't know the right word) it locked again.
Re: (Score:1)
iOS 7 on iPhone 5:
Swipe up, clock app, sleep button, cancel out of the power off dialog, hit the home button twice. Yes, one can swipe and see what apps were once run, but it will ignore any taps on other apps, and if one taps on the Springboard icon, it will drop back to the lock screen.
Yes, this is a bug, and hopefully 7.0.1 will fix it, but it doesn't allow anyone off the street to get to your contacts and such.
Re: (Score:1)
I also cannot replicate the problem with iOS 7.0 (11A465) on my iPhone 3GS.
Re: (Score:2)
I also cannot replicate the problem with iOS 7.0 (11A465) on my iPhone 3GS.
If you don't mind me asking - how'd you get that installed - isn't iOS7 not supposed to be compatible for 3GS?
Re: (Score:2)
Woosh.
Re: (Score:1)
itsatrap
You can't bypass the lock, but you did activate the hidden Trojan that now will send all your BitCoins to the guys who posted this phony (pun intended) hack.
Re: (Score:2)
OK so that was a lame joke, but what morons tagged it "flamebait"? "boring" I could understand.
Re: (Score:2)
There is a bug, but it is not what most would consider a lock screen bypass. iOS7 has a new task switcher and you can access this, but it has reduced privileges meaning you can't access any app that you couldn't from the lock screen. And even then it isn't reliable (very likely due to it being the result of a bug).
What it *does* do is leak information about what is installed on the phone, and badges for installed apps (e.g., number of unread emails). But only if those applications are running. Doing a fresh
Re: (Score:2)
Exploring this further, it appears that someone doing this casually may think they have a lock screen bypass because they go through the steps and get full access to any application. The key here is the behavior of locking the phone: is the passcode immediately required or not? If testing this you have to either set that to immediately or wait long enough to ensure it isn't still just "swipe to unlock".
On another note, some combination of factors resulted in no access to the quick swipe apps. Could still sw
Re: (Score:2)
Summary says you have to have applications open.
Re: (Score:1)
It's iOS. Nothing is open ten seconds after the phone is locked.
Re: (Score:2)
Ten seconds is the time limit given for an app to finish its business if it ceases to be in the foreground or the phone screen is locked. I don't think background services or the brief window in which a compatible app is restarted for Background App Refresh really count.
Can't replicate (Score:5, Informative)
Re: (Score:2, Informative)
you must be quite fast between cancel and double tap
Re: (Score:1)
Got It!,
but on my iphone 5 I can do nothing with it. I can see what apps are open. I cannot see their content and I cannot open any of them, and if I play around in there too long it goes back to the lock screen.
I don't know if there is anything to see there.
Re: (Score:2)
I was able to replicate this with caveats.
I was able to replicate this WITHOUT having the 'Passcode Lock' enabled.
I was UNABLE to replicate this WITH 'Passcode Lock' enabled.
I've now restarted an iPad Mini and am STILL UNABLE to replicate with the 'Passcode Lock' enabled.
I'm not sure what the problem with this feature is. Sure, they've 'bypassed' the swipe to unlock screen; but, the user has specifically poked and prodded this iPad Mini in what, I assume, is an extremely unlikely situation. By itself I'm
Re: (Score:2)
KABOOM! I read some of the other posts. You DO have to double-tap the home button in really fast succession.
So, scratch my previous post.
I was able to replicate this WITHOUT having the 'Passcode Lock' enabled with a single home button tap.
I was also ABLE to replicate this WITH 'Passcode Lock' enabled with a double-tap of the home button. However, I was unable to access any of the open applications from the multi-tasking screen.
Re: (Score:2)
My (admittedly fairly unscientific) testing seems to indicate that if you have your passcode lock set to lock immediately, you can see what apps are running, but you cannot open any of them. If you set your passcode lock to lock after 5 minutes, you can access the applications... but you could just swipe from the "lock" screen to do the same thing.
As far as I can tell, this "bug" is bullshit. The worst that happens is that someone sees what apps you were running, the screens are greyed out if you "exploit
Re: (Score:2)
Ah, cool. Good to know! Thanks for the update. I hadn't considered the immediacy of the locking mechanism.
Agreed! I thought about this while driving. Haters gotta hate. :P
iFixit (Score:5, Funny)
From iFixit's teardown:
We are currently involved in heavy lobbying to our product designers to create 14k gold replacement screws. They'll be $50 each and strip the first time you try to unscrew them, so they will be perfect for the iPhone. Stay posted.
Ha ha ha.
Re: (Score:2)
From the same teardown:
Perhaps the "s" in 5s stands for "stuck," as in "this battery is stuck in with a lot of glue," or "I hope you didn't want to replace your battery—you're going to be stuck with this one."
They just couldn't resist, could they?
This sounds vaguely familiar (Score:1)
Not quite the same, but this sounds somewhat like the old iPad smart-cover bypass trick from a couple years ago.
http://www.theguardian.com/technology/blog/2011/oct/26/ipad-lock-bypass-ios5-cover
Easily avoided (Score:1, Informative)
As soon as I did the iOS7 update, I noticed that you could access the camera from the lock screen, and I didn't want someone taking inappropriate pictures on my iPad if they stole it. There is an option in the settings which controls what features are available from the lock screen. If you turn off the Control Panel access from the lock screen, and everything else, this goes away.
So, it's annoying but not fatal as a security issue. I can't imagine anyone wanting to have the device open for the camera whe
Re:Easily avoided (Score:4, Interesting)
Re:Easily avoided (Score:5, Informative)
As soon as I did the iOS7 update, I noticed that you could access the camera from the lock screen, and I didn't want someone taking inappropriate pictures on my iPad if they stole it.
You could access the camera from the lock screen from iOS 5 on.
Re: (Score:2)
You could access the camera from the lock screen on the iPhones for a while, is this new to the iPad?
Re: (Score:2)
You could access the camera from the lock screen on the iPhones for a while, is this new to the iPad?
Yes, it is new to the iPad.
The iPhones (and the forgotten stepchild of the line, the iTouch) had a camera button on the lock screen, but - on iOS 6 and below - you did not have this feature on the iPad.
On the other hand, you did get the stunningly useless "picture frame" button on the iPad lock screen. You know, for those times the battery wasn't draining fast enough on its own. That's disappeared with iOS7
Th
Re: (Score:2)
As soon as I did the iOS7 update, I noticed that you could access the camera from the lock screen
That feature has been included even before iOS7. I could already access the camera in my phone (4S) with only iOS5.x by turning the lock screen on and then swiping the camera icon upward to open the camera functionality. I could also access all pictures taken from this session of the camera as well. However, I cannot access any other pictures taken outside of the session. In other words, other pictures that are already in the photo gallery before turning the camera functionality on from the locked screen are
Different thing altogether... (Score:4, Informative)
It's worth noting that this feature doesn't seem related in the least to the security flaw discussed here, as the camera is meant to be quickly accessible in this way. This means the suggestion of turning off control panel access won't fix the security flaw, if that's what you had in mind.
Re: (Score:2)
I know they are different things, but it was the camera access that got my attention. Disabling Control Panel access, I think, as I mentioned in the original post, avoids the issue. As far as I can tell, there is no way to get to anything on my iPad without unlocking.
The ad hominem about my lacking imagination and/or sense was not needed or polite.
Re: (Score:2)
Also, it's amusing t
Re: (Score:2)
Why is this [plover.net] so damn difficult for people to understand?
Both of you, stop it!
Re: (Score:2)
I take advantage of it most frequently when I'm traveling and wish to quickly snap a photo without having to type in my password [...]
But imagine if I didn't have to enter a password. Imagine if I had some sort of biometric type of system, like a fingerprint reader or facial recognition or something, that would let me unlock my phone without having to enter a password.
Nah. That's crazy talk...
Re: (Score:2)
"I can't imagine anyone wanting to have the device open for the camera when it is locked."
Well some people want to take pictures right away, before having to type in a password to get to it. Taking inappropriate pictures on your phone/ipad is easily deleted once the damage is done. This was on iOS 6 too.
Re: (Score:2)
While it's elegantly done on iOS (swipe up to activate camera versus right when unlocking), on Android, this one feature (introduced in Jellybean 4.2) is probably implemented in the most asinine fashion.
In 4.2, they turned the lock screen into another home screen with limited privileges, so they added pages to the left and right of the lock (left page(s) - user defined widgets, right page - camera). The problem is if you're using the swipe code
Already fixed today (Score:1)
It's supposed to be fixed in 7.01 which should be available today.
Or so I've read from various sources.
Re: (Score:2)
Apple have acknowledged the issue and that they intend to fix it, however 7.0.1 is a bug fix release for the 5C and 5S to make up for the fact that their builds are older. (They had to be finished in time to get the phones into boxes and shipped to stores.) I would be surprised if 7.0.1 did anything but bring those two handsets up to date, this bug included.
Can't Reproduce (Score:2)
Re: (Score:2)
It took me a few tries, but I reproduced it on my iPhone 4S. Make sure to do exactly what the video does, including going into the camera before going into the Clock app.
Unimpressed. (Score:1)
I spent most of yesterday evening tinkering with iOS 7 on my iPad. I've got to say, much of it feels like amateur hour, like a bunch of students got together to create a redesign of iOS. I can't tell if they put an inexperienced team on the job, if managers with no proper UX experience were meddling, or they outsourced the bulk of the work. But as a creative director I would have rejected much of what I was seeing and I can't imagine that Steve Jobs would have approved this release.
Apple, a company suppose
Re: (Score:2)
There are a number of UX issues with iOS 7 that I'm frankly quite surprised made it through testing or that anyone thought these were good ideas. Ignoring the theme itself (lower definition icons means less context, especially with hi res screens, that context would have been very usable it's the whole reason we do things like image previews for icons in modern OSes rather than generic jpg icons).
1) The "partial shift" no longer has a distinct visible mode on the keyboard. iOS has 4 modes for the shift butt
Re: (Score:2)
There is an option to set the font to bold, which does dramatically improve the thin fonts (though some of the larger text, like the lock screen clock looks odd), it's under the accessibility settings. There's also an increase contrast option (which is distinct from the invert colors option) though I haven't found where that takes effect.
No M7 processor? (Score:2)
Re: (Score:2)
Not really. It's probably part of the silicon that the A7 uses - modern ARM SoCs are full of processors besides the main ARM core - often many auxiliary processors exist. The M7 is
Will the discoverers get the 10k bounty? (Score:2)
Why would they? (Score:2)
http://www.zdnet.com/hackers-crowdfund-bounty-to-hack-iphone-5s-fingerprint-scanner-on-istouchidhackedyet-com-7000020879 [zdnet.com]
I will pay the first person who successfully lifts a print off the iPhone 5s screen, reproduces it and unlocks the phone in < 5 tries $100.
Why would a lockscreen bug have anything to do with this fingerprint scanner bounty?
Nope... (Score:2)
Re: (Score:3)
Success! The timing of holding the home button seems to be very critical. I start double-clicking right as soon as I hit the CANCEL button, and hold the 2nd click for about three seconds before releasing. Even after my successful try, I still have trouble doing it consistently.
On a side note, nearly every app was still locked to me. I was able to get the camera and pics open, but that was it.
Too much access (Score:2)
Swipe up on the lock screen to enter the control center, and then open the alarm clock
Isn't granting access to unauthorized users to the control centre enough of a security hole? Opening the alarm clock? WTF?
This reminds me of OS X, which leaves media keys enabled when the screen is locked - effectively giving access to any audio you may have queued to bystanders.
Lockscreens should just validate password, nothing else.
Word Processor and Reader for Microsoft Office. (Score:1)
Comment removed (Score:4, Interesting)
Re: (Score:1)
Apparently, I could not see anything in the camera roll either, on the iOS 7.0. Are you really sure that this is the case as you have described??
Re: (Score:1)
Prove it to everyone that this is a troll.
Re: (Score:2)
Ideally, any banking app should have the option to set a PIN code or a password, and after 5-10 wrong guesses, either start adding an exponential delay, purge itself (if there is no critical data just stored with the app) or demand the banking username and password. That way, one's data is protected unless the phone gets compromised when the app is in use.
There is also an API for storing data in a protected subdirectory as well, so when the device is locked, the stored files are inaccessible. That way, if
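The in-app PIN policy suggested in the comment above (delays that grow after repeated wrong guesses, then a purge and fall-back to the full login), sketched as an added example that is not from the thread or from any real banking app. The thresholds, the `PinGate` and `FakeClock` names and the sample PIN are assumptions made for illustration.

```python
import hashlib
import hmac
import os


class FakeClock:
    """Constructed test clock so the delays can be stepped without sleeping."""
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


class PinGate:
    DELAY_AFTER = 5     # assumed: wrong guesses before delays start
    MAX_FAILURES = 10   # assumed: wrong guesses before the PIN is retired
    BASE_DELAY = 2.0    # assumed: seconds, doubled on each further failure

    def __init__(self, pin, clock):
        self._salt = os.urandom(16)
        self._clock = clock
        self._pin_hash = self._derive(pin)
        # In a real app both values must survive an app restart,
        # otherwise killing the app resets the penalty.
        self.failures = 0
        self._locked_until = 0.0

    def _derive(self, pin):
        # Salted, slow hash so the stored value is not the PIN itself.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 50_000)

    def delay_for(self, failures):
        if failures < self.DELAY_AFTER:
            return 0.0
        return self.BASE_DELAY * 2 ** (failures - self.DELAY_AFTER)

    def try_pin(self, pin):
        if self.failures >= self.MAX_FAILURES:
            return "full_login_required"
        now = self._clock()
        if now < self._locked_until:
            return "wait"   # guess is neither checked nor counted
        if hmac.compare_digest(self._derive(pin), self._pin_hash):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= self.MAX_FAILURES:
            self._pin_hash = None   # purge: only the full login works now
            return "full_login_required"
        self._locked_until = now + self.delay_for(self.failures)
        return "denied"


def demo():
    """Ten wrong guesses in a row, waiting out each delay."""
    clock = FakeClock()
    gate = PinGate("4921", clock)   # constructed PIN
    outcomes, waited = [], 0.0
    for n in range(10):
        result = gate.try_pin(f"{n:04d}")
        outcomes.append(result)
        if result == "denied":
            pause = gate.delay_for(gate.failures)
            clock.now += pause
            waited += pause
    return outcomes, waited, gate.try_pin("4921")
```

With these assumed thresholds, a guesser who waits out every delay gets ten tries in total before the PIN stops being accepted, even when the correct PIN is then entered.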
Re: (Score:1)
"the new multitask browser provides an unprotected preview of my last banking session." -- was this really what you've seen on the iOS 7.0? Mine didn't show anything...