
iOS 7 Bug Lets Anyone Make Calls From Locked iPhones - pearjuice
http://www.forbes.com/sites/andygreenberg/2013/09/20/another-ios-7-bug-lets-locked-iphones-make-calls-and-this-time-theres-no-easy-fix/
======
untog
iOS7 definitely feels rushed. I work doing a lot of mobile web stuff, and the
number of bugs in Safari in iOS7 is staggering. Here's hoping we see 7.1 very
soon.

~~~
chmars
Isn't iOS 7.0.1 more likely?

~~~
JohnTHaller
Right, but iOS 7.0.1 is just fixing the critical bugs that should have been
caught before release. It'll take more like a point version to fix all the
bugs in Mobile Safari: [http://www.mobilexweb.com/blog/safari-ios7-html5-problems-ap...](http://www.mobilexweb.com/blog/safari-ios7-html5-problems-apis-review)

It's not like iOS users can install an alternate browser, either.

~~~
rflrob
Yes they can:
[https://itunes.apple.com/us/app/chrome/id535886823?mt=8](https://itunes.apple.com/us/app/chrome/id535886823?mt=8)
[https://itunes.apple.com/us/app/opera-mini-web-browser/id363...](https://itunes.apple.com/us/app/opera-mini-web-browser/id363729560?mt=8)

~~~
JohnTHaller
Every time the fact of Apple not permitting other browsers is brought up,
someone always says "Yes they can" and points out Chrome, Opera, etc. But they
can't. Apple won't allow any code interpretation in apps. That means no
JavaScript at all. Which means a browser that's pointless on today's internet.

Opera Mini isn't a true browser and offloads processing to external servers
because they can't interpret JavaScript locally (thanks to Apple's anti-
competitive app store rules). The off-device rendering makes for a less-than-
desirable user experience.

Chrome and every other "browser" in the iOS app store is just a custom UI on
top of Mobile Safari. And it's not even a full-speed instance of it, since it
can't use the Nitro JavaScript engine. It's hobbled, so it's slower than proper
Mobile Safari. Chrome does add one other custom bit in that it inserts its own
network stack underneath it. But it's still Mobile Safari within Chrome. It's
not the Chrome/Blink engine and it likely never will be. Not unless those
increasingly high walls start coming down.

------
frou_dh
There seem to have been several lock screen bypass bugs over the years. Given
that, you'd think they'd give it a hammering and find this stuff.

~~~
chrisdevereux
I'm sure I'm missing something, but given how many there have been wouldn't
you at least stick an `assert(!isPhoneLocked())` or similar on entry to
anything that shouldn't be accessible while locked?

~~~
testbro
IIRC most of these bugs arise because of things that should be available while
the device is unlocked: the dialler and camera for example. Camera is supposed
to restrict gallery access and the dialler is supposed to only permit
emergency calls. I'd expect that every app trusted with running while the
device is locked will have these bugs as Apple goes forward too.

The bugs seem to be a bit more nuanced than just testing for a locked device; the
attacks seem to rely on performing actions simultaneously to exploit race
conditions, much like weird glitches in games. This class of bugs is really
hard to test for due to the large search space. Model checking might offer a
solution, but it's not a magic bullet by any means.
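
As an added illustration of the two comments above (constructed for this page, not code from the thread or from iOS): a toy dialer model in which the policy "only emergency numbers while locked" is checked once on entry versus re-checked on the actual number at the moment the call is placed. The `swap_to` parameter stands in for the concurrent input that changes the pending number between check and use; `Device`, `EMERGENCY_NUMBERS` and both `dial_*` functions are hypothetical names.

```python
"""Toy dialer model (constructed example): entry-time check vs check at point of use.

An assert on entry catches the 'dialer opened while locked' case, but the
emergency dialer is allowed to run while locked, so the real question is
whether the number actually dialed still satisfies the policy when the
call goes out. The first variant trusts its entry check; the second
evaluates the policy against the real number and the current lock state.
"""

# Constructed set of numbers permitted from the locked emergency dialer.
EMERGENCY_NUMBERS = {"911", "112"}


class Device:
    """Minimal lock-state holder with a record of calls that were placed."""

    def __init__(self, locked: bool):
        self.locked = locked
        self.pending_number = ""
        self.placed_calls = []

    def is_locked(self) -> bool:
        return self.locked


def dial_entry_check_only(dev: Device, number: str, swap_to: str = None) -> bool:
    """Checks the policy once on entry, then trusts whatever number is pending later."""
    if dev.is_locked() and number not in EMERGENCY_NUMBERS:
        return False
    dev.pending_number = number
    # Window between check and use: another input path replaces the pending
    # number (simulated deterministically here instead of with real threads).
    if swap_to is not None:
        dev.pending_number = swap_to
    dev.placed_calls.append(dev.pending_number)   # placed without re-checking
    return True


def dial_check_at_use(dev: Device, number: str, swap_to: str = None) -> bool:
    """Re-evaluates the policy against the actual number at the moment of the call."""
    dev.pending_number = number
    if swap_to is not None:
        dev.pending_number = swap_to
    actual = dev.pending_number
    if dev.is_locked() and actual not in EMERGENCY_NUMBERS:
        return False                               # refused at point of use
    dev.placed_calls.append(actual)
    return True
```

The entry-only variant lets a locked device place a non-emergency call when the number changes after the check; the point-of-use variant refuses it while still allowing emergency calls when locked and any call when unlocked.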

~~~
frou_dh
Speaking of games, that's exactly what the humble games tester spends a good
chunk of time doing: uncovering bugs by coming up with weird things to try,
like spamming input at unexpected moments.

------
auctiontheory
_... the company has focused too many of its resources on adding new features
to handsets, and not enough ensuring that their basic functions work._

Couldn't have said it better. Crazy that we're only now getting number
blocking. (Okay, that's a "new feature," but it's a pretty basic one.)

------
pearjuice
With this in mind, lock screens should be advertised as screensavers with
passwords instead of actual lock screens; screens you tend to trust to protect
your phone at all cost. Not screens which you can't be 100% certain actually
lock your screen.

------
wiznvKNGNR
Perhaps this is a "feature" and not a bug. News like this just makes me want
to go back to using "dumb" phones. _adjusts tin-foil hat_ Apple knows what
they're doing.

~~~
sgt
I showed this to my girlfriend and she thought it was a feature - seeing that
if you /really/ need to phone someone, why not allow this in Emergency Mode,
as it's probably an emergency anyway? Yeah, I am not sure about that logic.

------
guilhermetk
Just tested it and it really allows me to make calls even with the phone
locked.

~~~
taspeotis
Tested it as well. Extremely easy to exploit.

------
throwaway6781
There is no excuse for not having a fuzz-testing framework to catch issues
like this. It's straight-up lazy.

------
jamesmoss
Why does responsible disclosure go out the window when it comes to iOS lock
screen issues?

~~~
untog
Probably because Apple has never acknowledged a problem with their platform,
let alone rewarded one. Apple's outreach to any kind of dev community is
nothing short of awful.

~~~
cowsandmilk
I guess the official statement from Apple that they're working on the lock
screen bugs is a case of "Apple never acknowledging a problem with their
platform"? I guess they don't have a security-announce list where they post
many bugs a month[1]. I guess the message to go along with iOS 7 that lists a
bunch of security researchers who disclosed bugs to Apple shows their awful
relationship with developers[2]. What a bunch of FUD.

[1] [http://lists.apple.com/archives/security-announce/2013/Sep/i...](http://lists.apple.com/archives/security-announce/2013/Sep/index.html)
[2] [http://lists.apple.com/archives/security-announce/2013/Sep/m...](http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html)

~~~
wmeredith
Now, now. We wouldn't want to let a pesky thing like reality get in the way of
the Apple-hates-developers circle-jerk, would we?

------
alexfringes
For what it's worth, I'm unable to replicate this on a 5s running 7.0.1.

------
denzil_correa
I tried it on my phone and it indeed works.

------
bennesvig
Was this fixed in 7.0.1?

~~~
RexRollman
I believe 7.0.1 fixed a fingerprint issue with the iPhone 5s.

------
josteink
As usual with Apple, eye-candy is much more important than security. Their BSD
foundation is pretty good, and then everything they add on top of it is pretty
shoddy as far as security goes.

I'm guessing Gruber and the rest of the Apple crowd are not going to try to
spin this one as vividly as they would have done had this been an Android
exploit.

~~~
lttlrck
'As usual'?!?!

