Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Apple promises to fix iOS 7 lock screen hack (huge security hole in apple ios7).
CNET ^ | 19 Sep 2013 | Seth Rosenblatt

Posted on 09/20/2013 8:23:44 AM PDT by for-q-clinton

The passcode lock screen on iOS 7 suffers from a bug that allows anyone with direct access to the iPhone or iPad to bypass the lock screen and open apps.

The bug, discovered by 36-year-old soldier Jose Rodriguez, who lives on the Canary Islands off the coast of Spain, is remarkably simple to exploit, reports Forbes. Swipe up from the lock screen to access the new Control Center, then open the alarm clock app.

Hold the phone's sleep button, but instead of swiping to power down the phone, tap cancel and double-tap the home button to access the multitasking screen. From there, you can jump to the camera and share stored photos, which gives you access to the user's communication accounts such as e-mail, Flickr, Facebook, Twitter, and others.

The exploit has been tested successfully on iOS 7 when running on the iPhone 4S, 5, 5C, and 5S, and the most recent iPad model.

Apple did not immediately respond to CNET's request for comment. However, an Apple spokesperson told Forbes and others that the company "takes security very seriously" and that it's "aware of this issue. We'll deliver a fix in a future software update."


TOPICS: Crime/Corruption; News/Current Events; Technical
KEYWORDS: apple; buggy; ios; pos
Wow if a Microsoft product was this buggy and insecure it would be all over the place.
1 posted on 09/20/2013 8:23:44 AM PDT by for-q-clinton
[ Post Reply | Private Reply | View Replies]

To: for-q-clinton

Always wait for the second service pack, regardless of the OS.


2 posted on 09/20/2013 8:24:12 AM PDT by dfwgator
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce; Swordmaker

Ping please.


3 posted on 09/20/2013 8:24:26 AM PDT by for-q-clinton (If at first you don't succeed keep on sucking until you do succeed)
[ Post Reply | Private Reply | To 1 | View Replies]

To: for-q-clinton

Yeah. Sure it would. Hahahahahah, that is really funny.


4 posted on 09/20/2013 8:27:37 AM PDT by rlmorel (Silence: The New Hate Speech)
[ Post Reply | Private Reply | To 1 | View Replies]

To: for-q-clinton

I wonder how the heck someone figured that out. Seems an unusual set of steps to try. Didn’t take them long.


5 posted on 09/20/2013 8:28:24 AM PDT by driftdiver (I could eat it raw, but why do that when I have a fire.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: for-q-clinton
I upgraded my iPad to iOS 7 yesterday.

I don't have to worry about this bug. I don't have a password on the device. :-)

6 posted on 09/20/2013 8:29:43 AM PDT by justlurking (tagline removed, as demanded by Admin Moderator)
[ Post Reply | Private Reply | To 1 | View Replies]

To: for-q-clinton

I wish they would come up with a fix for the gay user interface.


7 posted on 09/20/2013 8:35:48 AM PDT by papertyger (Blessed are the flexible for they shall not be broken....)
[ Post Reply | Private Reply | To 1 | View Replies]

To: for-q-clinton

I just tried this and it didn’t work for me..


8 posted on 09/20/2013 8:36:23 AM PDT by Ghost of SVR4 (So many are so hopelessly dependent on the government that they will fight to protect it.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: justlurking

LOL


9 posted on 09/20/2013 9:05:59 AM PDT by Not gonna take it anymore (If Obama were twice as smart as he is, he would be a wit)
[ Post Reply | Private Reply | To 6 | View Replies]

To: justlurking

I did my iPad yesterday as well. Have yet to find ANYTHING that lived up to any of the hype preceding its release. At best some furniture rearrangement.

This coming from a guy who upgraded from windows 3.1 to windows 95 and cussed the bejesus out of it way back when.


10 posted on 09/20/2013 9:30:50 AM PDT by diverteach (If I find liberals in heaven after my death.....I WILL BE PISSED!!!)
[ Post Reply | Private Reply | To 6 | View Replies]

To: for-q-clinton

Glossed over is the fact that if you don’t allow bypass of the screen locking, you don’t have this problem.


11 posted on 09/20/2013 9:58:35 AM PDT by Dilbert56
[ Post Reply | Private Reply | To 1 | View Replies]

To: for-q-clinton
iOS 7 also broke Safari when trying to view sites (corporate intranet sites in our case) that use Windows Authentication in IIS. Worked in iOS 5, 6. On iOS 7, they work in Chrome for the iPhone/iPad, but not in Safari.

Unfortunately, links in emails and other apps only open in Safari because closed-world Apple will not allow you to select your default browser (imagine if Microsoft did that...).

12 posted on 09/20/2013 10:06:14 AM PDT by Mannaggia l'America
[ Post Reply | Private Reply | To 1 | View Replies]

To: Ghost of SVR4

I could not get it to work on mine either.


13 posted on 09/20/2013 10:23:24 AM PDT by jospehm20
[ Post Reply | Private Reply | To 8 | View Replies]

To: Ghost of SVR4

Doesn’t work on my iphone 5. Tried several times. I think it’s bogus.


14 posted on 09/20/2013 5:24:53 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 8 | View Replies]

To: Swordmaker
Apple doesn't: However, an Apple spokesperson told Forbes and others that the company "takes security very seriously" and that it's "aware of this issue. We'll deliver a fix in a future software update."
15 posted on 09/20/2013 6:04:21 PM PDT by Charles H. (The_r0nin) (Hwaet! Lar bith maest hord, sothlice!)
[ Post Reply | Private Reply | To 14 | View Replies]

To: Charles H. (The_r0nin)
Apple doesn't:

As pointed out above, one of the very important requirements for this "exploit" to work was left out of the directions:

Glossed over is the fact that if you don’t allow bypass of the screen locking, you don’t have this problem.

In other words, it REALLY isn't secure to begin with if you allow bypassing screen locking!. That's exactly what this is describing: unlocked, bypassed screens! What do they expect if they TURN OFF SOME OF THE SECURITY????

Default is screen locking on.

This is almost as stupid as complaining that your Jailbroken iPhone is more susceptible to malware and blaming Apple. . .

As I said, it's bogus.

16 posted on 09/20/2013 7:39:41 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 15 | View Replies]

To: for-q-clinton; ~Kim4VRWC's~; 1234; Abundy; Action-America; acoulterfan; AFreeBird; Airwinger; ...
Contrived security issue on iOS 7? Maybe. But I don't think so. —PING!


Apple iOS 7 Security Ping!

If you want on or off the Mac Ping List, Freepmail me.

17 posted on 09/20/2013 7:43:18 PM PDT by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: for-q-clinton

I did my iPad yesterday, and so far there is only one issue I don’t like; the lack of a search box in my music library in the new iTunes . No problems at all with the phone..


18 posted on 09/20/2013 9:54:06 PM PDT by cardinal4 (Barack Barry Hussein Soetoro Obama, America's first woman president..)
[ Post Reply | Private Reply | To 1 | View Replies]

To: for-q-clinton
Wow if a Microsoft product was this buggy and insecure it would be all over the place.

For once, I agree with you: Buggy and insecure Microsoft products are all over the place... '-)

19 posted on 09/21/2013 6:34:14 AM PDT by TXnMA ("Allah": Satan's current alias... "Barack": Allah's current ally...)
[ Post Reply | Private Reply | To 1 | View Replies]

To: for-q-clinton

“Wow if a Microsoft product was this buggy and insecure it would be all over the place.”

It requires physical access to the device. Any Windows PC data that’s not encrypted is vulnerable if you have physical access to the computer.

Regardless, Apple will get it fixed soon I’m sure. ;-)


20 posted on 09/21/2013 12:32:13 PM PDT by PreciousLiberty
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker

“...As I said, it’s bogus.”
******************************************************
Yes, it is indeed a bogus “security flaw”. But at least it gives another opportunity for Apple haters, like moths drawn to the light, to come and take shots at Apple products.


21 posted on 09/21/2013 3:54:31 PM PDT by House Atreides ( D)
[ Post Reply | Private Reply | To 16 | View Replies]

To: Swordmaker

This exploit revolves around the access to Control Center from the lockscreen. My brand new iPhone 5S came out of the box with the toggle set to allow control center in lock screen. While it is handy to have access there, it should come default set to NOT allow control center in lockscreen. Problem solved.

Oh- ans last night I was notified of an update for my iPhone 5S (iOS 7.0.1). It is primarily for a bug some experienced with using fingerprint scanning to authenticate app store and itunes purchases.


22 posted on 09/21/2013 5:05:08 PM PDT by TheBattman (Isn't the lesser evil... still evil?)
[ Post Reply | Private Reply | To 16 | View Replies]

To: Swordmaker

http://arstechnica.com/apple/2013/09/new-ios-7-bug-lets-you-make-non-emergency-calls-from-the-lock-screen/

This second bug doesn’t require any user to downgrade security first. It’s on video at the link.

Why is it so hard for you to admit that Apple (like every other software company anywhere) ships with bugs? It’s not like anyone here has accused Apple of being bad (or even worse that its competitors) when it comes to bugs? The only statement anyone made on this thread (that I saw) is that other companies would have faced (unwarranted) media attention for these bugs. You seem very defensive about a very normal occurrence in the tech industry...


23 posted on 09/22/2013 6:19:16 AM PDT by Charles H. (The_r0nin) (Hwaet! Lar bith maest hord, sothlice!)
[ Post Reply | Private Reply | To 16 | View Replies]

To: Swordmaker
In other words, it REALLY isn't secure to begin with if you allow bypassing screen locking!. That's exactly what this is describing: unlocked, bypassed screens! What do they expect if they TURN OFF SOME OF THE SECURITY???? Default is screen locking on.

That's not quite correct - the default is to require a screen lock passcode, yes. And obviously, if you choose not to use a passcode, then why would you complain about lock screen security?

However, the default setting for Control Center is "Access on Lock Screen" to be enabled. (Notification Center similarly defaults to being available from the lock screen.) In that respect, the default behavior is to use a passcode for the lock screen, but to bypass it for some functions. An exploit that allows access to the full phone or even partial data that uses that would indeed be a security bug that needs addressed.

That said, the more secure option in the first place is to disable Notification Center and Control Center from the lock screen in Settings.

24 posted on 09/23/2013 6:15:44 AM PDT by kevkrom (It's not "immigration reform", it's an "amnesty bill". Take back the language!)
[ Post Reply | Private Reply | To 16 | View Replies]

To: dfwgator

Always wait for the second service pack, regardless of the OS.

Don’t use this one, (snicker) http://www.telegraph.co.uk/technology/apple/10330414/iOS-7-users-destroy-iPhones-after-fake-waterproof-advert.html


25 posted on 09/27/2013 6:34:55 AM PDT by READINABLUESTATE ("If guns cause crime, there must be something wrong with mine." -Ted Nugent)
[ Post Reply | Private Reply | To 2 | View Replies]

To: papertyger

Barney Frank is on the user interface?? Eeew!


26 posted on 09/27/2013 6:40:04 AM PDT by COBOL2Java (I'm a Christian, pro-life, pro-gun, Reaganite. The GOP hates me. Why should I vote for them?)
[ Post Reply | Private Reply | To 7 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson