Thursday, September 19, 2013

iOS 7 Lock Screen Vulnerability Discovered, Gives Access To Photos And Social Sharing

Vulnerabilities in Apple’s iOS lock screens have become a fixture of new iOS releases over the past few years. And iOS 7 is not exempt, as a new method for bypassing the passcode on a lock screen has been discovered by idle hands and reported by Forbes’ Andy Greenberg. The lock screen bypass method involves sliding up Control Center, tapping on the timer button, holding down your power button until the cancel option comes up. You then tap on the cancel button then double-tap the home button. This gives you access to the multitasking UI. While most apps are locked out, the Camera option is accessible.
This allows you to access the camera interface, but with the ability to scroll through all of the user’s photos, not just the ones shot in the time since the phone was last locked — in the manner that the camera has worked for some time now. Not only can you scroll through the photos, but you can also tap on the share button to send photos out via email or social channels like Twitter or Facebook. So once you’re in you can post photos to flickr or send them via email. Though Greenberg characterizes this as ‘hijacking’ those accounts, that seems a bit dramatic. Still, there is potential for embarrassment or harm if sensitive (ahem) photos get stolen or shared out through your social accounts. The bypass method has been verified by us to work properly, and to not be overly difficult to execute. It took me about 3 tries to get it right on an iPhone 5 running iOS 7. As Greenberg notes, it’s hard to tell whether this works on an iPhone 5C or iPhone 5S as of yet. Note that this vulnerability is incredibly easy to prevent for now. Just visit Settings>Control Center and toggle off ‘Access on Lock Screen’ to patch it up. The discovery was made by Jose Rodriguez, a soldier in Spain’s Canary Islands, who has a history of discovering these tricky bypass methods. His secret? Plenty of time waiting in cars in his former job as a driver for government officials. We’ve reached out to Apple for more information on this and when a fix might be available. We will update this story if we receive a reply. With past vulnerabilities, a software fix has come in a ‘point’ release of iOS 7. iOS 7.0.1 is already floating out there and contains a fix for Apple’s TouchID fingerprint scanner. So any fix for this would likely come in iOS 7.0.2 or later. Apple has added a variety of security features to iOS 7 including Activation Lock, which renders stolen phones unusable, even if they’re wiped. But it looks like it needs another lock screen audit, just to be sure.

No comments:

Post a Comment