Did You Know?



Reply
Community Leader
Jasper_The_Rasper
Posts: 1,077
Registered: ‎06-12-2013

iOS 7 lockscreen hole discovered already - all your private photos could end up online!

Serial iOS bug finder videosdebarraquito has struck again.
He found a bug in the iOS 6.1.3 lockscreen, almost as soon as that update was published (an irony, given that the main purpose of 6.1.3 was to fix various lockscreen flaws).
Now he's made a video of himself bypassing the lock on just-released iOS 7.
(I've given you more than enough to find the video if you want. But I haven't provided a direct link here. Call me an old-school wowser. I can take it.)

Lock screens have a chequered security history, with Android having its recent share of problems, too.
The main reason is complexity, one of security's mortal enemies.
You can understand why some exceptions to a phone lock might be desirable, or even required by the regulators: the ability to call the emergency number, no matter what, for example.
Similarly, a clock is handy when the phone is locked, as well as an indication of whether there's network service available should you want to make a call.

So some "special case" programming is needed in phone lock software, which inevitably means more to go wrong with the part that implements the actual lock.
But functionality to check whether you've just dialled the three digits 112, 999, 000, 911, or some other well-known emergency number, and to update a digital clock once a minute, is a far cry from the feature set implemented by the average lockscreen app on a modern smartphone.

We're no longer content to have our phones locked: we want them locked, except for a huge raft of features.

 

Full Article

Community Leader

Please use plain text.
pegas
Posts: 1,677
Topics: 71
Kudos: 756
Ideas: 17
Registered: ‎02-23-2012

Re: iOS 7 lockscreen hole discovered already - all your private photos could end up online!

Yes, Apple knows of the vulnerability and is working to correct it.

“Apple takes user security very seriously,” Apple spokeswoman Trudy Muller told. “We are aware of this issue, and will deliver a fix in a future software update.”

In the meantime, you can protect yourself against it by disabling access to Control Center on your iOS device’s lockscreen. Just head over to Settings > Control Center, look for “Access on Lock Screen” and toggle it off.

Sr. Expert Advisor

Please use plain text.
Community Leader
Jasper_The_Rasper
Posts: 1,077
Registered: ‎06-12-2013

Re: iOS 7 lockscreen hole discovered already - all your private photos could end up online!

Apple fixes a pair of lock screen bugs with iOS 7.0.2 update

 

Apple has just released iOS 7.0.2, a minor patch for the iOS 7 update that was made available to the general public a bit less than a week ago. The update appears to fix two lock screen bugs we've previously reported on: one that allows access to an iOS device's Photos app (and, by extension, its Contacts list and some other information) and one that allows calls to any number to be made from the Emergency Call screen. We were able to reproduce both bugs in iOS 7.0 and 7.0.1, but neither exploit worked in iOS 7.0.2 on our iPhone 5S.

 

Full Article

Community Leader

Please use plain text.
Community Guide
TonyW
Posts: 179
Registered: ‎03-26-2012

Re: iOS 7 lockscreen hole discovered already - all your private photos could end up online!

That was actually a quick turnaround to fix that security hole following the release of iOS 7 on 18 September. Well done Apple.
Please use plain text.