Forgot your password?
typodupeerror
IOS Iphone Security Apple

iOS 7 Lock Screen Bug Leaves Certain Apps Vulnerable For Access 135

Posted by Soulskill
from the at-least-it's-a-flat-bug dept.
MojoKid writes "News of a proven security vulnerability involving Apple iOS 7 has started making the rounds. The exploit specifically involves the lockscreen, the most common piece of security that stops an unauthorized individual from gaining access to anything important on your phone. The 'hack,' if you want to call it that, is simple: Swipe up on the lock screen to enter the control center, and then open the alarm clock. From there, hold the phone's sleep button to bring up a prompt that will ask you if you wish to shut down, but instead of doing that, hit the cancel option, and then tap the home button to access the phone's multi-tasking screen. With access to this multi-tasking screen, anyone could try opening up what you've already had open on your phone. If you had Twitter open, for example, this person might be able to pick up where you left off and post on your behalf. Or, they could access the camera — and of course, every single photo stored on the phone." The new iPhone models were released today; iFixit has a teardown of the iPhone 5s, giving it a repairability score of 6/10.
This discussion has been archived. No new comments can be posted.

iOS 7 Lock Screen Bug Leaves Certain Apps Vulnerable For Access

Comments Filter:
  • by Anonymous Coward

    In loving memory of apk.

  • by Mister Liberty (769145) on Friday September 20, 2013 @09:02AM (#44901767)

    this is the least of your worries.

    • by Sockatume (732728) on Friday September 20, 2013 @09:03AM (#44901783)

      You know, because that applies to every security story and adds no specific value to any of them, you just have to say it once and then stop.

    • One of my friends raised an interesting question:

      How can we be sure that the fingerprints stored on the device aren't being retrieved by various intelligence agencies?

      • Because theyd be awful low-rez fingerprints?

      • If you want to go full on paranoid, that everything you are told might be a lie, they might be. But why ask the question here. We might be lying.

        If however you're interested in the technology, an image of the fingerprint isn't stored anywhere. The fingerprint scanner creates a hash, and that is stored in a dedicated secure area in the CPU, salted with a UID from the phone. It's not possible to recreate an actual print from the hash, even if the hash were accessible from software, which it's not.

        There's cert

        • by phorm (591458)

          I can see how you can store a hash of a strict item, but wouldn't a fingerprint have enough "fuzzy" difference between inputs in it that making a hash wouldn't work?

          • Obviously Apple aren't giving full information about how it works. But the hashing part has been mentioned in several places.

            This is the best source of information I found. It includes both what Apple have revealed, together with some informed speculation.

            http://www.techhive.com/article/2048514/the-iphone-5s-fingerprint-reader-what-you-need-to-know.html [techhive.com]

            Actually the most interesting part is that the scanner takes a capacitative rather than optical image. Which explains why the lens isn't transparent (to visi

            • by phorm (591458)

              Thanks for the link, it's rather informative.
              I wonder if this reader will be susceptible to dry-finger issues common to touchscreens? Generally an uncovered screen is better, but with a protective film (likely not needed on the fingerprinter reader) dry fingers tend to work poorly. On really dry days, even the straight screen can be a little dicey.

  • by mystikkman (1487801) on Friday September 20, 2013 @09:05AM (#44901797)

    Windows login gif.

    http://i.imgur.com/fqjnK.gif [imgur.com]

    • by Bogtha (906264)

      That's a bit complicated isn't it? I know in a lot of versions, you could just hit escape and you'd be dumped onto the desktop.

    • by mlts (1038732) *

      I remember this hole on one major UNIX in the '90s (company is now gone), if you had access to its xdm login via local access or XDMCP. The username window will pop up a help box, with an option to redirect the output of a lpr command.

      So, a simple, "| xterm" typed in got you a root shell immediately.

      This was patched in the next minor rev, but it was a fairly gaping hole at the time.

    • by tlhIngan (30335)

      The problem was the Windows 9x dialog was not for logging in, but for entering your network credentials so you can access network resources.

      Clicking cancel merely meant you couldn't access a network fileshare without rebooting and re-entering the credentials there.

      I think it took until XP before you could actually log into a fileserver using alternative credentials...

      Alas, the dialog was so poorly worded that many people thought you could use it to password protect your PC, but no. It just set your network

  • Can't replicate (Score:5, Informative)

    by jamie (78724) * Works for Slashdot <jamie@slashdot.org> on Friday September 20, 2013 @09:14AM (#44901875) Journal
    I can't replicate it either. The YouTube video claims I double-tap the home button but the second tap is slightly longer? By the end of the first tap it's already bringing me back to the lock screen, i.e. by the time I'm pressing down for the second tap, I'm already being taken back to the lock screen. iPhone 5, updated last night to 7.0 (11A465).
    • Re: (Score:2, Informative)

      by Anonymous Coward

      you must be quite fast between cancel and double tap

      • by Anonymous Coward

        Got It!,

        but on my iphone 5 I can do nothing with it. I can see what apps are open. I cannot see their content and I cannot open any of them, and if if I play around in there too long it goes back to the lock screen.

        I don't know if there is anything to see there.

        • by asylumx (881307)
          Just tried this with a co-worker's iphone and yes, if the camera was running you can access all of their previous pictures. Couldn't get it to load their contacts, though.
          • by ageoffri (723674)
            I was able to access contacts indirectly. Go into the gallery and share a picture and use messaging. At this point hit the + sign in the upper right. You are then in Contacts. You can view names and phone numbers. I wasn't able to figure out a way to edit contacts or get more details.
            • by asylumx (881307)
              Yes, I was also able to replicate using the same technique. BTW My coworker knows I'm doing this, I'm not just hacking his phone without him knowing :)
    • by Like2Byte (542992)

      I was able to replicate this with caveats.

      I was able to replicate this WITHOUT having the 'Passcode Lock' enabled.

      I was UNABLE to replicate this WITH 'Passcode Lock' enabled.

      I've now restarted an iPad Mini and am STILL UNABLE to replicate with the 'Passcode Lock' enabled.

      I'm not sure what the problem with this feature is. Sure, they've 'bypassed' the swipe to unlock screen; but, the user has specifically poked and prodded this iPad Mini in what, I assume, is an extremely unlikely situation. By itself I'm

      • by Like2Byte (542992)

        KABOOM! I read some of the other posts. You DO have to double-tap the home button in really fast succession.

        So, scratch my previous post.

        I was able to replicate this WITHOUT having the 'Passcode Lock' enabled with a single home button tap.

        I was also ABLE to replicate this WITH 'Passcode Lock' enabled with a double-tap of the home button. However, I was unable to access any of the open applications from the multi-tasking screen.

      • by BVis (267028)

        My (admittedly fairly unscientific) testing seems to indicate that if you have your passcode lock set to lock immediately, you can see what apps are running, but you cannot open any of them. If you set your passcode lock to lock after 5 minutes, you can access the applications... but you could just swipe from the "lock" screen to do the same thing.

        As far as I can tell, this "bug" is bullshit. The worst that happens is that someone sees what apps you were running, the screens are greyed out if you "exploit

        • by Like2Byte (542992)

          Ah, cool. Good to know! Thanks for the update. I hadn't considered the immediacy of the locking mechanism.

          As far as I can tell, this "bug" is bullshit. The worst that happens is that someone sees what apps you were running, the screens are greyed out if you "exploit" this successfully.

          Try again, Apple haters.

          Agreed! I thought about this while driving. Haters gotta hate. :P

  • iFixit (Score:5, Funny)

    by Sockatume (732728) on Friday September 20, 2013 @09:15AM (#44901879)

    From iFixit's teardown:

    We are currently involved in heavy lobbying to our product designers to create 14k gold replacement screws. They'll be $50 each and strip the first time you try to unscrew them, so they will be perfect for the iPhone. Stay posted.

    Ha ha ha.

    • by AmiMoJo (196126) *

      From the same teardown:

      Perhaps the "s" in 5s stands for "stuck," as in "this battery is stuck in with a lot of glue," or "I hope you didn't want to replace your batteryâ"you're going to be stuck with this one."

      They just couldn't resist, could they?

  • Not quite the same, but this sounds somewhat like the old iPad smart-cover bypass trick from a couple years ago.

    http://www.theguardian.com/technology/blog/2011/oct/26/ipad-lock-bypass-ios5-cover

  • Easily avoided (Score:1, Informative)

    by Mendenhall (32321)

    As soon as I did the iOS7 update, I noticed that you could access the camera from the lock screen, and I didn't want someone taking inappropriate pictures on my iPad if they stole it. There is an option in the settings which controls what features are available from the lock screen. If you turn off the Control Panel access from the lock screen, and everything else, this goes away.

    So, it's annoying but not fatal as a security issue. I can't imagine anyone wanting to have the device open for the camera whe

    • Re:Easily avoided (Score:4, Interesting)

      by Culture20 (968837) on Friday September 20, 2013 @09:40AM (#44902165)
      There are plenty of people who want an instant camera instead of fumbling with passcodes and opening the camera app for 30 seconds.
    • Re:Easily avoided (Score:5, Informative)

      by joh (27088) on Friday September 20, 2013 @09:49AM (#44902237)

      As soon as I did the iOS7 update, I noticed that you could access the camera from the lock screen, and I didn't want someone taking inappropriate pictures on my iPad if they stole it.

      You could access the camera from the lock screen from iOS 5 on.

    • by Sockatume (732728)

      You could access the camera from the lock screen on the iPhones for a while, is this new to the iPad?

      • You could access the camera from the lock screen on the iPhones for a while, is this new to the iPad?

        Yes, it is new to the iPad.

        The iPhones (and the forgotten stepchild of the line, the iTouch) had a camera button on the lock screen, but - on IOS6 and below - you did not have this feature on the Ipad.

        On the other hand, you did get the stunningly useless "picture frame" button on the iPad lock screen. You know, for those times the battery wasn't draining fast enough on its own. That's disappeared with iOS7

        Th

    • As soon as I did the iOS7 update, I noticed that you could access the camera from the lock screen

      That feature has been included even before iOS7. I could already access the camera in my phone (4S) with only iOS5.x by turning the lock screen on and then swipe the camera icon upward to open the camera functionality. I could also access all pictures taken from this session of the camera as well. However, I cannot access any other pictures taken outside of the session. In other words, other pictures that are already in the photo gallery before turning the camera functionality on from the locked screen are

    • by Thruen (753567) on Friday September 20, 2013 @10:05AM (#44902427)
      Couple quick things. Firstly, that feature was already there, odds are you had disabled it before and that setting was reset with the update. Also, you can't access any existing photos from there, it'll only let you browse the photos you've taken since opening the camera, and resets each time you lock the screen again. There are similar features on other phones, it's handy and not by itself a security risk. As for not imagining anyone wanting to have the device open for the camera when it's locked, I think you lack imagination, and possibly even basic sense. I take advantage of it most frequently when I'm traveling and wish to quickly snap a photo without having to type in my password, it often makes the difference between a photo of an animal grazing and one of their behind as they run into the woods.

      It's worth noting that this feature doesn't seem related in the least to the security flaw discussed here, as the camera is meant to be quickly accessible in this way. This means the suggestion of turning off control panel access won't fix the security flaw, if that's what you had in mind.
      • by Mendenhall (32321)

        I know they are different things, but it was the camera access that got my attention. Disabling Control Panel access, I think, as I mentioned in the original post, avoids the issue. As far as I can tell, there is no way to get to anything on my iPad without unlocking.

        The ad hominem about my lacking imagination and/or sense was not needed or polite.

        • by Thruen (753567)
          I'm not sure if I misunderstood you then or now, but if you understand the article is about something entirely different than the feature you describe then I'm not sure why you bothered to mention it, as it has nothing to do with the article. I'm not shocked you weren't able to reproduce the issue on your iPad, as it seems to be a problem specifically with the iPhone 5S, as described in the article, and there are reports around the web of being unable to reproduce it on other devices.

          Also, it's amusing t
      • I take advantage of it most frequently when I'm traveling and wish to quickly snap a photo without having to type in my password [...]

        But imagine if I didn't have to enter a password. Imagine if I had some sort of biometric type of system, like a fingerprint reader or facial recognition or something, that would let me unlock my phone without having to enter a password.

        Nah. That's crazy talk...

    • "I can't imagine anyone wanting to have the device open for the camera when it is locked."

      Well some people want to take pictures right away, before having to type in a password to get to it. Taking inappropriate pictures on your phone/ipad is easily deleted once the damage is done. This was on iOS 6 too.

    • by ozbon (99708)
      You could access camera from lock screen in iOS6 too - it's not a new feature.
    • by tlhIngan (30335)

      I noticed that you could access the camera from the lock screen

      While it's elegantly done on iOS (swipe up to activate camera versus right when unlocking), on Android, this one feature (introduced in Jellybean 4.2) is probably implemented in the most asinine fashion.

      In 4.2, they turned the lock screen into another home screen with limited privileges, so they added pages to the left and right of the lock (left page(s) - user defined widgets, right page - camera). The problem is if you're using the swipe code

  • It's supposed to be fixed in 7.01 which should be available today..
    Or so I've read from various sources.

    • by Sockatume (732728)

      Apple have acknowledged the issue and that they intend to fix it, however 7.0.1 is a bug fix release for the 5C and 5S to make up for the fact that their builds are older. (They had to be finished in time to get the phones into boxes and shipped to stores.) I would be surprised if 7.0.1 did anything but bring those two handsets up to date, this bug included.

  • I can't reproduce this. Is is possible it's specific just to the iPhone 5/s/c?
    • by mkraft (200694)

      It took me a few tries, but I reproduced it on my iPhone 4S. Make sure to do exactly what the video does, including going into the camera before going into the Clock app.

  • I spent most of yesterday evening tinkering with iOS 7 on my iPad. I've got to say, much of it feels like amateur hour, like a bunch of students got together to create a redesign of iOS. I can't tell if they put an inexperienced team on the job, if managers with no proper UX experienced were meddling, or they outsourced the bulk of the work. But as a creative director I would have rejected much of what I was seeing and I can't imagine that Steve Jobs would have approved this release.

    Apple, a company suppose

  • This is strange that they couldn't find the M7. Either it is incorporated into the A7 or they missed it somehow. Given the functionality of the M7, it might very small compared to the A7. There appears to be some metal shielding next to the A7. It could be under there. Also the chip next to the Qualcomm WTR1605L isn't identified.
    • by tlhIngan (30335)

      This is strange that they couldn't find the M7. Either it is incorporated into the A7 or they missed it somehow. Given the functionality of the M7, it might very small compared to the A7. There appears to be some metal shielding next to the A7. It could be under there. Also the chip next to the Qualcomm WTR1605L isn't identified.

      Not really. It's probably part of the silicon that the A7 uses - modern ARM SoCs are full of processors besides the main ARM core - often many auxiliary processors exist. The M7 is

      • From what I know about the A7, it is slightly larger than the A6 (die size). I didn't know whether they could fit it in the amount of space if it incorporated a M7 as well as the other changes. Yes, the A7 is on a 28nm instead of 32nm but I didn't think it would be enough.
      • This conflicting report [cnet.com] says that the M7 is from NXP and separate from the A7.
  • Just tried it on my iPhone 4 several times. It never went past the locked screens. I even watched the video to be sure I was doing it right.
    • Success! The timing of holding the home button seems to be very critical. I start double-clicking right as soon as I hit the CANCEL button, and hold the 2nd click for about three seconds before releasing. Even after my successful try, I still have trouble doing it consistently.

      On a side note, nearly every app was still locked to me. I was able to get the camera and pics open, but that was it.

  • Swipe up on the lock screen to enter the control center, and then open the alarm clock

    Isn't granting access to unauthorized users to the control centre enough of a security hole? Opening the alarm clock? WTF?
    This reminds me of OS X, which leaves media keys enabled when the screen is locked - effectively giving access to any audio you may have queued to bystanders.

    Lockscreens should just validate password, nothing else.

  • Word Processor and Reader for Microsoft Office. By Irfan Farooqi IPhone and IPad Lightweight office work on the go Backup of documents Quick access to Documents, Spread sheets, Presentations, notes and memos word processing Pocket Spreadsheet Pocket Presentation Download : https://itunes.apple.com/us/app/documents-word-processor-reader/id642314248?mt=8 [apple.com]

Passwords are implemented as a result of insecurity.

Working...