
iOS 9 allows access to photos and contacts on a passcode locked iPhone - soisses
http://www.idownloadblog.com/2015/09/20/ios-9-access-photos-contacts-locked-iphone-security-flaw/
======
TazeTSchnitzel
Reminds me of a similarly Rube Goldberg-esque login screen circumvention in
Windows 95:

[https://media2.giphy.com/media/lN0A3biIDKepW/giphy.gif](https://media2.giphy.com/media/lN0A3biIDKepW/giphy.gif)

~~~
soisses
Right, we saw some bypasses like this lately.

And I believe we'll see more, because we add more and more features to the
lock-screens.

------
stinos
"This _only_ allows users to view your contacts, and look at your photos (not
videos) through a limited interface. Photos cannot be forwarded or shared from
your iPhone"

 _only_? Isn't that bad enough? Anecdotally I really couldn't care if any of
the messages I have get out in the open as for some reason I don't have
sensitive content in them, but some pictures on the other hand are really not
meant for everybody, especially when they aren't even sorted out yet, and I'm
sure I am not alone.

Also: taking a picture of a phone with a picture still preserves most of it
and so they can in fact be - what I would call - forwarded.

------
smackfu
There have been quite a few of these exploits over the years, where you can
trick a program running in locked mode into thinking it's in unlocked mode. It
seems like they really need to have completely separate programs to run in
locked mode that can't access anything except via defined APIs.

~~~
muaddirac
I think object-capability based access control would solve the problem as
well. If the login screen is only given the capability to talk to the
authentication program, then even if you could force opening photos, you
wouldn't have the capabilities to hand to the photos app to actually view
them.
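
The object-capability design described in the comment above, as a small Python model (an added example, not part of the thread; every class and function name is hypothetical, and since Python does not enforce private attributes this models only which component holds which reference):

```python
import hmac

class PhotoLibrary:
    """The protected resource. Holding a reference to it is the permission."""
    def __init__(self, photos):
        self._photos = list(photos)
    def read_all(self):
        return list(self._photos)

class PhotosApp:
    """No ambient access: it can only display a library a caller hands it."""
    def show(self, library):
        if not isinstance(library, PhotoLibrary):
            raise PermissionError("no photo-library capability supplied")
        return library.read_all()

class Authenticator:
    """Sole holder of the library; releases it only for the right passcode."""
    def __init__(self, passcode, library):
        self._passcode = passcode
        self._library = library
    def unlock(self, attempt):
        if hmac.compare_digest(attempt, self._passcode):
            return self._library
        return None

class LockScreen:
    """Given one capability (the authenticator) plus a way to launch Photos."""
    def __init__(self, authenticator, photos_app):
        self._auth = authenticator
        self._photos_app = photos_app
    def force_open_photos(self):
        # Models the bug class from the thread: a UI trick launches Photos
        # while locked. The lock screen has no library reference to pass on.
        return self._photos_app.show(None)
    def open_photos_with_passcode(self, attempt):
        # The only path to the library runs through the authenticator.
        return self._photos_app.show(self._auth.unlock(attempt))

def build_device(passcode, photos):
    """Wire the components so only the authenticator ever sees the library."""
    library = PhotoLibrary(photos)
    return LockScreen(Authenticator(passcode, library), PhotosApp())

if __name__ == "__main__":
    screen = build_device("4821", ["a.jpg", "b.jpg"])  # constructed sample data
    print(screen.open_photos_with_passcode("4821"))
```

The forced launch fails because the lock screen has nothing to delegate, not because a "locked" flag was checked along the way.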

