Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×
IOS Iphone Security Apple

iOS 7 Lock Screen Bug Leaves Certain Apps Vulnerable For Access 135

Posted by Soulskill from the at-least-it's-a-flat-bug dept.
MojoKid writes "News of a proven security vulnerability involving Apple iOS 7 has started making the rounds. The exploit specifically involves the lockscreen, the most common piece of security that stops an unauthorized individual from gaining access to anything important on your phone. The 'hack,' if you want to call it that, is simple: Swipe up on the lock screen to enter the control center, and then open the alarm clock. From there, hold the phone's sleep button to bring up a prompt that will ask you if you wish to shut down, but instead of doing that, hit the cancel option, and then tap the home button to access the phone's multi-tasking screen. With access to this multi-tasking screen, anyone could try opening up what you've already had open on your phone. If you had Twitter open, for example, this person might be able to pick up where you left off and post on your behalf. Or, they could access the camera — and of course, every single photo stored on the phone." The new iPhone models were released today; iFixit has a teardown of the iPhone 5s, giving it a repairability score of 6/10.
This discussion has been archived. No new comments can be posted.

iOS 7 Lock Screen Bug Leaves Certain Apps Vulnerable For Access More

iOS 7 Lock Screen Bug Leaves Certain Apps Vulnerable For Access

Comments Filter:

  • Can't replicate (Score:5, Informative)

    by jamie ( 78724 ) * Works for Slashdot <jamie@slashdot.org> on Friday September 20, 2013 @09:14AM (#44901875) Journal
    I can't replicate it either. The YouTube video claims I double-tap the home button but the second tap is slightly longer? By the end of the first tap it's already bringing me back to the lock screen, i.e. by the time I'm pressing down for the second tap, I'm already being taken back to the lock screen. iPhone 5, updated last night to 7.0 (11A465).

  • Re:Can't replicate (Score:2, Informative)

    by Anonymous Coward on Friday September 20, 2013 @09:24AM (#44901993)

    you must be quite fast between cancel and double tap

  • Easily avoided (Score:1, Informative)

    by Mendenhall ( 32321 ) on Friday September 20, 2013 @09:31AM (#44902081)

    As soon as I did the iOS7 update, I noticed that you could access the camera from the lock screen, and I didn't want someone taking inappropriate pictures on my iPad if they stole it. There is an option in the settings which controls what features are available from the lock screen. If you turn off the Control Panel access from the lock screen, and everything else, this goes away.

    So, it's annoying but not fatal as a security issue. I can't imagine anyone wanting to have the device open for the camera when it is locked. I do wish the options were flexible enough that one could still adjust audio settings with it locked.

  • Re:Easily avoided (Score:5, Informative)

    by joh ( 27088 ) on Friday September 20, 2013 @09:49AM (#44902237)

    As soon as I did the iOS7 update, I noticed that you could access the camera from the lock screen, and I didn't want someone taking inappropriate pictures on my iPad if they stole it.

    You could access the camera from the lock screen from iOS 5 on.

  • Different thing altogether... (Score:4, Informative)

    by Thruen ( 753567 ) on Friday September 20, 2013 @10:05AM (#44902427)
    Couple quick things. Firstly, that feature was already there, odds are you had disabled it before and that setting was reset with the update. Also, you can't access any existing photos from there, it'll only let you browse the photos you've taken since opening the camera, and resets each time you lock the screen again. There are similar features on other phones, it's handy and not by itself a security risk. As for not imagining anyone wanting to have the device open for the camera when it's locked, I think you lack imagination, and possibly even basic sense. I take advantage of it most frequently when I'm traveling and wish to quickly snap a photo without having to type in my password, it often makes the difference between a photo of an animal grazing and one of their behind as they run into the woods.

    It's worth noting that this feature doesn't seem related in the least to the security flaw discussed here, as the camera is meant to be quickly accessible in this way. This means the suggestion of turning off control panel access won't fix the security flaw, if that's what you had in mind.

  • Re:Could not replicate (as many others can't) (Score:4, Informative)

    by denmarkw00t ( 892627 ) on Friday September 20, 2013 @01:32PM (#44904831) Homepage Journal

    I tried a good 10 times on my 4 before I got it to work - it's not mentioned and an easy bit to miss in the video: as soon as you tap close you have to do the double-tap on the home button and hold the second tap a little longer than a second maybe. The key though is to do this AS SOON as you hit "Cancel." How this person ever came across the flaw is beyond me, but good poking. Someone should hire her for a QA team.

Slashdot Top Deals

Solutions are obvious if one only has the optical power to observe them over the horizon. -- K.A. Arsdall

Close