

IOS 6.1 hack lets users see your phone app, place calls - husein10
http://news.cnet.com/8301-13579_3-57569389-37/ios-6.1-hack-lets-users-see-your-phone-app-place-calls/

======
saurik
I really don't understand why people keep saying this sounds like an
intentional backdoor... it looks a lot more like the ramifications of using an
overly complex set of state transitions that end up with a bunch of spaghetti
logic strewn between multiple processes and a ton of largely unrelated systems
that, if you go through them in the wrong order with outstanding delayed
actions (as caused by the animations of that power drop down), lead to an
exploitable race condition.

This isn't Apple being nefarious: this is just Apple being "sloppy" (which I
put in quotes, as when you have as many engineers as they do working on as
many features as they are, with all of the user interface wedged into the same
small set of displays, you are going to expect to have at least a few places
like this, and honestly Apple generally does really well at avoiding them).

(As a similar example to this, for an unrelated reason, I just spent the last
few hours pulling apart how they do the UI z-ordering of the lock screen, and
it is a ton of one-off rules like "if I am adding the notification list, and I
already have a battery image up, put it over the battery; otherwise, try to
find a thermal warning, but first ask if it considers itself important enough
to be rendered on top of the notifications; if not, then see if we have a
headset charging display, and try to render on top of that...".)

~~~
edandersen
Any idea why the status bar turns blue after cancelling a shut down attempt
after touching emergency call? Normally status bar changes are for
calls/tethering.

~~~
Xuzz
The Phone app has a blue status bar in iOS 6.

~~~
edandersen
You're right! And so does Mail, Settings etc. Never noticed.

------
barredo
The best fix will be to include a Emergency.app that displays a num keyboard
and it's called from the 'Make an Emergency Call' button, instead of the full
Phone.app.

------
xuki
The question is how did anyone figure out this method? I know it was first
exposed in a similar manner on iOS 4.1 but is there someone deliberately
trying to break the passcode lock? Is the recent jailbreak helping?

~~~
skc
Trying to figure out what difference that makes, or why you bring up
jailbreaking at all.

~~~
xuki
Well just out of curiosity. I mentioned the jailbreak because now people can
have root access which could be useful, I don't know. Maybe the timing is just
an coincident.

~~~
saurik
I believe this bug applies to all devices running 6.1, which includes the
iPhone 4; we have a permanent jailbreak for the iPhone 4, due to the limera1n
bootloader exploit, and thereby have had people using jailbroken 6.1 iPhone
4's (which are quite popular, even still being sold new) for a while.

------
JagMicker
For jailbroken iOS devices, some potential solutions would be to replace the
default lockscreen with one of the alternatives, and/or install the Cydia
tweak that disables Emergency calls.

------
darxius
What are the chances this is a built-in backdoor? Also, what would be the
ramifications if someone found out it was?

~~~
misnome
Virtually nil.

------
inafield
Looks like Cnet is having issues. I keep getting "Whoops! You broke the
Internet!" on most of their pages.

------
greenwalls
It sounds like a purposely coded backdoor but hopefully I'm wrong.

------
nwh
I really don't see what all the fuss is about. It's not like my address book
has anything particularly private in it.

~~~
rednukleus
Well as long as it doesn't affect nwh, I don't see what all those business
people, journalists and activists are worried about.

