iOS 7 Lock Screen Bug Leaves Certain Apps Vulnerable For Access 135
MojoKid writes "News of a proven security vulnerability involving Apple iOS 7 has started making the rounds. The exploit specifically involves the lockscreen, the most common piece of security that stops an unauthorized individual from gaining access to anything important on your phone. The 'hack,' if you want to call it that, is simple: Swipe up on the lock screen to enter the control center, and then open the alarm clock. From there, hold the phone's sleep button to bring up a prompt that will ask you if you wish to shut down, but instead of doing that, hit the cancel option, and then tap the home button to access the phone's multi-tasking screen. With access to this multi-tasking screen, anyone could try opening up what you've already had open on your phone. If you had Twitter open, for example, this person might be able to pick up where you left off and post on your behalf. Or, they could access the camera — and of course, every single photo stored on the phone."
The new iPhone models were released today; iFixit has a teardown of the iPhone 5s, giving it a repairability score of 6/10.
Can't replicate (Score:5, Informative)
Re:Can't replicate (Score:2, Informative)
you must be quite fast between cancel and double tap
Easily avoided (Score:1, Informative)
As soon as I did the iOS7 update, I noticed that you could access the camera from the lock screen, and I didn't want someone taking inappropriate pictures on my iPad if they stole it. There is an option in the settings which controls what features are available from the lock screen. If you turn off the Control Panel access from the lock screen, and everything else, this goes away.
So, it's annoying but not fatal as a security issue. I can't imagine anyone wanting to have the device open for the camera when it is locked. I do wish the options were flexible enough that one could still adjust audio settings with it locked.
Re:Easily avoided (Score:5, Informative)
As soon as I did the iOS7 update, I noticed that you could access the camera from the lock screen, and I didn't want someone taking inappropriate pictures on my iPad if they stole it.
You could access the camera from the lock screen from iOS 5 on.
Different thing altogether... (Score:4, Informative)
It's worth noting that this feature doesn't seem related in the least to the security flaw discussed here, as the camera is meant to be quickly accessible in this way. This means the suggestion of turning off control panel access won't fix the security flaw, if that's what you had in mind.
Re:Could not replicate (as many others can't) (Score:4, Informative)
I tried a good 10 times on my 4 before I got it to work - it's not mentioned and an easy bit to miss in the video: as soon as you tap close you have to do the double-tap on the home button and hold the second tap a little longer than a second maybe. The key though is to do this AS SOON as you hit "Cancel." How this person ever came across the flaw is beyond me, but good poking. Someone should hire her for a QA team.