Friday, September 20, 2013

iOS 7 Lock Screen Vulnerability Discovered

Vulnerabilities in Apple’s iOS lock screens have become a fixture of new iOS releases over the past few years, and iOS 7 is not exempt. A new method for bypassing the passcode on a lock screen has been discovered by idle hands and reported by Forbes’ Andy Greenberg. Update below.

The lock screen bypass method involves sliding up Control Center, tapping on the timer button and holding down the power button until the cancel option comes up. You then tap on the cancel button then double-tap the home button. This gives you access to the multitasking UI. While most apps are locked out, the Camera option is accessible.

This allows you to access the camera interface, but with the ability to scroll through all of the owner’s photos, not just the ones shot in the time since the phone was last locked — in the manner that the camera has worked for some time now.

Not only can you scroll through the photos, but you can also tap on the share button to send photos out via email or social channels like Twitter or Facebook. So once you’re in you can post photos to Flickr or send them via email. Though Greenberg characterizes this as ‘hijacking’ those accounts, that seems a bit dramatic. Still, there is potential for embarrassment or harm if sensitive (ahem) photos get stolen or shared out through your social accounts.

The bypass method has been verified by us to work properly and to not be overly difficult to execute. It took me about three tries to get it right on an iPhone 5 running iOS 7. As Greenberg notes, it’s hard to tell whether this works on an iPhone 5c or iPhone 5s as of yet. Of note: once you’re on the share sheet, you can choose a contact to send the item to, technically gaining access to the contact list (but not their details) of the device’s owner.

Note that this vulnerability is incredibly easy to prevent for now. Just visit Settings>Control Center and toggle off ‘Access on Lock Screen’ to patch it up.

The discovery was made by Jose Rodriguez, a soldier in Spain’s Canary Islands, who has a history of discovering these tricky bypass methods. His secret? Plenty of time waiting in cars in his former job as a driver for government officials.

With past vulnerabilities, a software fix has come in a ‘point’ release of iOS 7. iOS 7.0.1 is already floating out there and contains a fix for Apple’s TouchID fingerprint scanner. So any fix for this would likely come in iOS 7.0.2 or later.

Apple has added a variety of security features to iOS 7, including Activation Lock, which renders stolen phones unusable, even if they’re wiped. But it looks like it needs another lock screen audit just to be sure.

Update: Apple Spokesperson Trudy Muller told TechCrunch that “Apple takes user security very seriously. We are aware of this issue, and will deliver a fix in a future software update.”

So, yes, the fix for this little bug will come in a future point release of iOS 7. (Always in a future release...)

3 comments:

  1. That got fixed in a hurry

    http://arstechnica.com/apple/2013/09/apple-releases-ios-7-0-1-update-to-fix-fingerprint-scanner/

    ReplyDelete
    Replies
    1. Wrong. If you actually read the article it says they fixed the fingerprint scanners ability to be used for in-app purchases. It does not mention a fix for the hack.

      Delete
  2. Try this one.

    http://support.apple.com/kb/HT5957?viewlocale=en_US&locale=en_US

    Apple does treat these as high priority.

    ReplyDelete