

iOS 7 Lock Screen Vulnerability Discovered - cramforce
http://techcrunch.com/2013/09/19/ios-7-lock-screen-vulnerability-discovered-gives-access-to-photos-and-social-sharing/

======
state
"The discovery was made by Jose Rodriguez, a soldier in Spain’s Canary
Islands, who has a history of discovering these tricky bypass methods. His
secret? Plenty of time waiting in cars in his former job as a driver for
government officials."

I love that. It's not a 'security researcher', it's just some guy messing
around with his phone.

~~~
phoboslab
There's so much happening and accessible on a "locked" iPhone that it's not
surprising something may go wrong. Securing a phone that can't do anything
when locked would be much easier.

Reminded me of this Win95 login bypass:
[http://i.imgur.com/rG0p0b2.gif](http://i.imgur.com/rG0p0b2.gif)

------
libraryatnight
Here's the Forbes link for anyone who doesn't like giving techcrunch hits:

[http://www.forbes.com/sites/andygreenberg/2013/09/19/ios-7-b...](http://www.forbes.com/sites/andygreenberg/2013/09/19/ios-7-bug-
lets-anyone-bypass-iphones-lockscreen-to-hijack-photos-email-or-twitter/)

~~~
MPetitt
Is there something shady I don't know about techcrunch?

~~~
libraryatnight
I don't know about shady, I just know a lot of people don't care for them or
the way they present things. I'd also just read the Forbe's article and then
clicked through to techcrunch and realized that's what they were reporting
from.

------
superuser2
In iOS 6, the default configuration allowed anyone to send texts (and I think
emails) from your accounts by dictating them to Siri through the lock screen.

No one seemed to think this was a big deal, but there was certainly potential
for abuse. Security of incoming texts is more important, but being able to
send a fraudulent iMessage is definitely a problem for kids who like messing
with each other's emotions...

------
eridius
To clarify: this doesn't actually give anyone free access to your phone. As
near as I can tell, all it lets them do is access your camera roll, and share
items from it using the share panel. They can also see what your recent apps
list is, but they can't actually access any of them (besides the camera).

~~~
partyanimal
Yeah, it's not like the hundreds of vulnerabilities you can find on Android
phones. Here's the latest.

"Firefox For Android Can Be Tricked Into Automatically Downloading And
Executing Malicious Code"

[http://www.androidpolice.com/2013/09/11/security-firefox-
for...](http://www.androidpolice.com/2013/09/11/security-firefox-for-android-
can-be-tricked-into-automatically-downloading-and-executing-malicious-code/)

~~~
jonknee
Alternate headline... "Firefox For Android can download files". The standard
UI comes up as it would for any app install.

~~~
partyanimal
hey you don't have to convince me.

"U.S. Government Issues Warning About Security on Android Phones"

[http://bits.blogs.nytimes.com/2013/08/28/u-s-government-
issu...](http://bits.blogs.nytimes.com/2013/08/28/u-s-government-issues-
warning-about-security-on-android-phones/?_r=0)

~~~
jonknee
That has nothing to do with Firefox properly downloading files. Your link has
to do with a security bulletin regarding out of date Android devices being
vulnerable to attacks.

~~~
partyanimal
pick one Android vulnerability out of a hundred.

------
MichaelGG
At least the iOS7 lock screen seems useful. The #1 use of my phone is as a
music player. Android somehow thinks it should only show media controls while
I'm playing music, and for a minute or two after I put it on pause. FFS, just
make my entire music library accessible and always on the lock screen.

Between that, and having maps auto-unlock if you're in nav-mode -- that'd
solve about every dangerous car-phone situation I run into.

~~~
keeperofdakeys
The latest android version has lock screen widgets, which you can use to put a
permanent notification up for.

Also, using Navigation instead of Maps keeps the screen unlocked, which may be
more handy depending on what you are doing.

~~~
scott_karana
There is no longer a "Navigation" app: it's been merged into the new Maps,
which loses a lot of functionality.

Not sure whether or not it prevents screen locking.

~~~
keeperofdakeys
The "Navigation" app has always been part of Maps, specifically the turn-by-
turn navigation features. This hasn't changed with the latest Maps. In this
turn-by-turn navigation mode, the screen stays on, just like older versions.

~~~
scott_karana
Yes, I'm well aware that it has always been part of maps. I was merely
addressing this, hopefully to avoid confusion for those who might not
understand where the "Navigation" icon went.

> Also, using Navigation instead of Maps

~~~
keeperofdakeys
Strangely I still have the icon.

------
roschdal
"Note that this vulnerability is incredibly easy to prevent for now. Just
visit Settings>Control Center and toggle off ‘Access on Lock Screen’ to patch
it up."

------
bigd
This remind me of the "souvenir d'italie":
[http://www.youtube.com/watch?v=UPXuIirf8Ow](http://www.youtube.com/watch?v=UPXuIirf8Ow)

then post on victim facebook for great fun

------
benologist
Rewording of
[http://www.forbes.com/sites/andygreenberg/2013/09/19/ios-7-b...](http://www.forbes.com/sites/andygreenberg/2013/09/19/ios-7-bug-
lets-anyone-bypass-iphones-lockscreen-to-hijack-photos-email-or-twitter/)

------
nextstep
It's hard to get the timing right on the cancel/double-tap home button step.

~~~
neon_electro
I don't know if it's because my iPhone 4's slower, but I found it relatively
easy to do.

------
r00fus
I tried numerous times with iPhone5 on iOS7 and I can't reproduce it. I wonder
what the timing issue is. I tried immieately double-pressing home after
cancelling the poweroff, and then delaying it. Nothing worked.

~~~
GuiA
You have to douple tap the home button a split second after having tapped
"Cancel". It took me a few tries, but it works.

~~~
r00fus
My passcode lock is set to immediately. After changing it to "5 min" it
worked. Changing it back made it impossible again. So that's another way to
avoid the vulnerability (along with turning off control center access from
lockscreen).

Regardless, I'm sure this'll be fixed shortly and glad this guy found the
vulnerability so soon!

~~~
smcl
This is odd, you say setting passcode lock to "5 min" worked but "immediate"
didn't. Someone else said the exact opposite. I've tried both with no luck. In
the video the person appears to also hold the "home" key while cancelling (or
a just tap split second prior, maybe?), too but no mention is made of this.

Not that it matters to the resolution of the vulnerability - I'm sure Apple
will be in a position to repro and fix it - but I wish for the sake of my own
curiousity that these things are described in more detail.

------
reiichiroh
Set passcode to appear "immediately" \-- if you set it for 1 min/5 min/15
min/1 hour/4 hours, then this "vulnerability" really isn't one.

~~~
NSMeta
Tried this with both "immediately" and 15 min on iPad Mini. Reproduced it
every time.

As a side note, one can use this bug to access contacts list and send email on
behalf of the owner (via share menu in photo stream).

Edit:

Just found out that I can tweet, post to facebook and send email just by using
Siri (if that setting is enabled). Although, this might be the correct
behavior.

------
scott_s
I think these "vulnerabilities" are silly. The lockscreen on the phone is the
equivalent of a screen door: it's meant to keep the bugs out, and to signal to
the outside world, "Hey, this is a closed door, behave appropriately." But no
one is going to be surprised if burglars are able to get past it.

~~~
Miyamoto
Do you have a password protected computer? Like a computer, a phone can have
sensitive information. For many, such as my wife and sister, a phone is their
computer. They put everything on it. A lock screen is a no different than any
other password prompt you encounter. They're passwords. Passwords are not
silly.

~~~
scott_s
No, I do not, for the same reason. If someone gets physical access to a
device, it is compromised.

~~~
scott_karana
> If someone gets physical access to a device, it is compromised.

This is the same with your computer. What's your point? Do you have _no_
private information?

(Don't say "everything's encrypted": it's the same with passworded iPhones,
and again: same issue with your PC. There are numerous simple hardware
compromises like keyloggers, or removing and chilling RAM to get keys
unencrypted from memory, etc)

~~~
scott_s
My point was that it _is_ the same with my computer, hence I don't bother with
login passwords for either. If you get physical access to either, they are
compromised. The veneer of security that a login password for my phone or
computer provides is not worth the many times a day hassle of providing it.

Note that this is distinct from the login password to something remote.

~~~
scott_karana
Okay, fair enough. I quite understand where you're coming from. Good on you
for practising what you preach! Personally, I appreciate the simple deterrent
passwords have provided. :-)

------
smrtinsert
Impossible, Apple releases beautiful features that are flawless and have
turned this phone into the Samsung and Android killer that everyone was
waiting for. It's 64 bit!

------
gdonelli
AGAIN! This is probably the 7th time?

------
MmeMANET
unsurprising.

------
shalander
I can see how reproducing could potentially be tricky for some, that said, I
was able to reproduce this almost instantly. I wonder if I should bother
restoring back prior to iOS 7 or just wait for the patch? Hmmm....

~~~
zwily
Just disable Control Center on the lock screen. Seems much easier than
downgrading iOS...

~~~
shalander
Yeah but... __puts on tinfoil hat __What if the NSA and stuff?! :-P

Seriously though, Control Center is probably a good stop-gap, though the
bigger question is probably how quickly Apple will try to patch this.

