Apple is working on a fix now

Apple just released its latest operating system yesterday -- iOS 7 -- and as expected with new releases, users are finding bugs. The most recent find allows anyone to bypass an iPhone user's lockscreen and access their photos, Twitter, email and more. 

According to Forbes, Jose Rodriguez -- a 36-year-old soldier from Spain’s Canary Islands -- found the lockscreen vulnerability in his free time. He is known for finding lockscreen security flaws in previous versions of iOS as well. 

The lockscreen flaw in iOS 7 allows someone to bypass the passcode screen entirely by swiping up to access the "Control Center," and opening the alarm clock. They then hold the phone's sleep button down -- which offers the option to power it off -- but instead, they hit "cancel" and double click the home button to access the multitasking screen.

From there, it's free access to the iPhone's camera and photos, as well as options to share them through Twitter, Facebook and email.

It's not clear if this is a problem with the iPhone 5S or 5C yet, but it's been a proven issue in the iPhone 4 and 5 as well as the iPad. 

Apple is already aware of the problem, and says it will be fixed in a future software update. 

“[Apple] takes security very seriously and we’re aware of this issue," said an Apple spokesperson. "We’ll deliver a fix in a future software update.”

Until that fix is released, users can disable access to the Control Center from their lockscreen by choosing Settings > Control Center > Access on Lock Screen and toggling it off.

Source: Forbes

By Cheesew1z69 on 9/20/2013 11:13:44 AM , Rating: 3
Escalated quickly....

RE: That....
By retrospooty on 9/20/2013 12:13:06 PM , Rating: 5
LOL. But I don't fault Apple for this. Bugs happen, and I am sure they will fix it quickly.

What is a laugher, is the pompous fanboys that act like Apple is impervious to such obvious flaws. LOL.

Shhh... Let's pretend like this didn't happen.

RE: That....
By tayb on 9/20/13, Rating: -1
RE: That....
By amanojaku on 9/20/2013 12:29:21 PM , Rating: 3
Bugs happen, but Apple thinks differently. And the company does not fix things quickly, unless it becomes publicly known.
The oldest bug in the batch appears to be a kernel issue from 2011 discovered by Marc Heuse wherein an attacker could have sent specially crafted IPv6 packets to an iPhone 4 and caused a high CPU load. While the bug is known as CVE-2011-2391 in the Common Vulnerabilities and Exposures database, the CVE warns the attached date does not necessarily reflect when the vulnerability was discovered.

Several vulnerabilities from 2012 are also addressed in the update, all involve fixing arbitrary code execution bugs in the libxml and libxslt libraries.

I'm pissing on Apple the same way I did MS when it hid the truth and was slow to fix things, and I'd piss on Google if it hid vulnerabilities.

RE: That....
By vol7ron on 9/20/2013 12:32:24 PM , Rating: 2
if you look quickly... it didn't

RE: That....
By Reclaimer77 on 9/20/2013 3:30:59 PM , Rating: 2
Apple has always sucked when it comes to security, this should come as no surprise.

True security isn't sexy. You have to be willing to inconvenience the user, to put function over form (like Windows UAC).

RE: That....
By Tony Swash on 9/21/13, Rating: -1
RE: That....
By Apone on 9/20/2013 4:21:18 PM , Rating: 5
It hasn't shown up so I'm gonna' jump in and say it.

"It's not a flaw, it's a feature!"

RE: That....
By Cheesew1z69 on 9/20/2013 4:52:10 PM , Rating: 2
I thought it was a gimmick? :o

RE: That....
By Kiffberet on 9/23/2013 8:38:27 AM , Rating: 2
You're clearly an Apple hater. Hatin' away at any opportunity.

All the posts are of people trying to reproduce the security error. Not a single one is a fan boy. But at least you got some Hatin' off your chest.

RE: That....
By KiwiTT on 9/26/2013 3:43:03 PM , Rating: 2
... How long would you have to wait until a similar bug is rolled out to an Android Phone?

Unable to reproduce
By Guspaz on 9/20/2013 12:00:57 PM , Rating: 1
There is clearly some information missing here, because I can't reproduce this at all on my iPhone 4S running iOS 7. When I do the final step of double-tapping the home button, I go back to the lock screen.

Perhaps the issue only occurs on certain devices.

RE: Unable to reproduce
By retrospooty on 9/20/2013 12:11:16 PM , Rating: 5
maybe you're holding it wrong?

RE: Unable to reproduce
By tayb on 9/20/2013 12:19:46 PM , Rating: 2

1. Swipe up and open control center
2. Open the timer app from the control center
3. Switch to the alarm
4. Hold down the power button until you get the option to turn it off
5. Press cancel and then immediately double click the home button
6. It will move to the multi-tasking UI and focus on the camera. The camera is the only thing you can get to.

You can temporarily fix the security breach by disabling the control center while locked.

RE: Unable to reproduce
By cochy on 9/20/2013 1:47:13 PM , Rating: 3
Got into the multitasking screen using this method on my iPad but from there I cannot open any other app. So this does not appear overly serious, if that is the case.

RE: Unable to reproduce
By CharonPDX on 9/20/2013 2:11:07 PM , Rating: 2
It seems this does not affect the iPhone 4S. I have now seen multiple people with an iPhone 4S (including myself) say they cannot reproduce this.

When I double click the home button, which according to this should bring up the task switcher, I instead go back to the main lock screen.

RE: Unable to reproduce
By espaghetti on 9/20/2013 12:56:43 PM , Rating: 2
I can't either on my wife's 5 or my 4S with iOS 7.
Both just go back to the lock screen as well.

RE: Unable to reproduce
By Spoelie on 9/20/2013 1:08:25 PM , Rating: 2
Initially wasn't able to do it either but now I can. The key is to do the double tap (with the second tap a little longer) immediately after pressing cancel, if waiting even half a second it fails.

As explained, you only can get into the "full" camera app though, nice to see all pictures stored but not much else.

RE: Unable to reproduce
By Gio6518 on 9/20/2013 1:18:21 PM , Rating: 2
Not only does it bypass the lock on my work's iPads, but it crippled our programs... It's great to be using paper until you get to a workstation... At least they're finally listening and looking to other alternatives, though I'm an android person, we're more than likely going with surface tabs.... That's a couple thousand tablets going bye bye

RE: Unable to reproduce
By Kepler on 9/21/2013 5:38:09 PM , Rating: 2
I just did it on my work issued iPhone 4s. You're probably holding it wrong.

Tim Cook
By majorpain on 9/20/2013 1:53:13 PM , Rating: 2
Is it just me, or did I read something today about Tim Cook saying "Apple doesn't produce garbage!" ? Well, this should make the trick...

By DukeN on 9/20/2013 2:50:59 PM , Rating: 2
You know, the ones where they brag about the security, etc?

By zerocks on 9/20/2013 8:01:51 PM , Rating: 2
Again with the lock screen issues, Apple!?

Emails are safe
By BillyBatson on 9/20/2013 10:17:46 PM , Rating: 2
I can verify that this exploit does give access to photos, it is however not allowing access or a preview of emails..

Law Enforcement Feature
By rbuszka on 9/27/2013 10:02:34 AM , Rating: 2
I wonder if some of these 'bugs' aren't actually hidden 'features' that allow law enforcement personnel to unlock an iPhone and determine whether it was used to photograph or take video of police officers or federal agents. It seems exactly like something the FEDGOV would do - require Apple to build in a secret "front door" that would allow any (usually corrupt) law enforcement official to access the phone's contents to use as evidence.

these comments never fail
By epollyon on 9/23/2013 2:57:07 AM , Rating: 1
i come here just to see the flame-war/circlejerk. something about nerds fighting over what platform is best is hilarious but also sad. apple sucks, android sucks, windows sucks, but you guys suck most of all. hahaha

This -
By Dr of crap on 9/20/13, Rating: -1
RE: This -
By invidious on 9/20/2013 12:56:00 PM , Rating: 3
You don’t know how much spare time he spent on it and you have no reason to care how much spare time he has. Stop being butt hurt because your phone isn't as secure as you blindly assumed it was.

Full disclosure of security flaws is nothing new and this is a relatively minor one. You should never assume that anything you do on a network connected device is 100% secure, even if it has an almighty fingerprint scanner on it.

RE: This -
By retrospooty on 9/20/2013 12:57:22 PM , Rating: 5
LOL... Yes, there is a security hole that someone found. Let's bash the guy that found it.

Well placed blame. o_O

RE: This -
By Monkey's Uncle on 9/20/2013 4:58:51 PM , Rating: 2
Unless of course it was an Apple booster that found it on a *gasp!* Android phone, then yeah, kick Google or Samsung for sure.