Security
|
9/19/2013 @ 2:29PM |67,728 views
iOS 7 Bug Lets Anyone Bypass iPhone's Lockscreen To Hijack Photos, Email, Or Twitter
Forget the debate around the security or insecurity of the iPhone 5s’s fingerprint reader. The latest version of the iPhone’s operating system currently offers a gaping hole in its old-fashioned passcode lockscreen.
Jose Rodriguez, a 36-year-old soldier living in Spain’s Canary Islands, has found a security vulnerability in iOS 7 that allows anyone to bypass its lockscreen in seconds to access photos, email, Twitter, and more. He shared the technique with me, along with the video above.
As the video shows, anyone can exploit the bug by swiping up on the lockscreen to access the phone’s “control center,” and then opening the alarm clock. Holding the phone’s sleep button brings up the option to power it off with a swipe. Instead, the intruder can tap “cancel” and double click the home button to enter the phone’s multitasking screen. That offers access to its camera and stored photos, along with the ability to share those photos from the user’s accounts, essentially allowing anyone who grabs the phone to hijack the user’s email, Twitter, Facebook Facebook or Flickr account.
I tested the technique on an iPhone 5 running iOS 7, and it worked. Rodriguez’s video shows it working on an iPad, too. It’s not yet clear if the same exploit can bypass the lockscreen of an iPhone 5s or 5c, but Rodriguez tells me he believes it will. I’ve reached out to Apple for comment and I’ll update this post if I hear from the company. Update: A spokesperson from Apple tells me that the company “takes security very seriously and we’re aware of this issue. We’ll deliver a fix in a future software update.”
Rodriguez has a track record of finding lockscreen bypass bugs in iOS, many of which he says he dug up while killing time in his old job as a driver for government officials. “I had a lot of time to look at the scenery, break the phone or write poetry while waiting for my boss, and I don’t write poetry and already knew the landscape by heart,” he tells me via instant message and Google translate. So he spent hours “trying everything that goes through my head…I submit my iPhone to cruel methods of torture.”
Rodriguez found a trick to bypass the lockscreen of iOS 6.1.3 in March, and then another one in iOS 7 beta. Though that beta bug was fixed in later versions of iOS 7, Rodriguez was able to find a new one within an hour of downloading the latest iPhone operating system by adapting tricks that worked on iOS 5 and 6. (He also tells me that this will be his last “hunting trip” for iPhone lockscreen bugs, as he has a new office job that demands more of his time.)
The latest version of iOS patches 80 security vulnerabilities, according to a post on Apple’s security mailing list. Clearly the company’s security team also missed a big one.
Update: A reader points out that anyone hoping to avoid this vulnerability until Apple issues a fix can prevent control center from appearing on their lockscreen by accessing “settings,” then “control center.” Some users are also reporting the trick isn’t working on their phones and tablets, though it may just take a little finesse to figure out the timing.
—
Follow me on Twitter, and pre-order the upcoming paperback edition of my book, This Machine Kills Secrets: Julian Assange, the Cypherpunks, and Their Fight to Empower Whistleblowers, a New York Times Book Review Editor’s Choice.
Related on Forbes:
-
Classic Apple
-
Awesome NSA Backdoor! LOL
-
This is only an issue if the user doesn’t set pass code to be required immediately. If you set pass code for 5 minutes, this hack can be used in 5 minutes.
-
If that’s the case, then this won’t be a hack at all! The phone can be unlocked without passcode within 5 minutes anyway.
-
OMG, I wish you hadn’t told me this. Now I have to kill myself.
-
Okay, tried this, but you have to have those certain app’s open. I got into the app selection screen, but when I tapped on Mail, or Safari, etc, it didn’t work, so it must only be on certain apps… Turn off the option to have it on the home screen, or just close all your apps before you lock the phone!
-
On my iPad Mini, I got as far as the multitasking screen, but couldn’t get into any of the apps – tapping on them did nothing. So I could see which apps were in use, but not any data from them – even the previews were greyed out.
-
Wow, this is absolutely the worst bug that could be found, as Apple put a lot of work on the lockscreen. This put our privacy at high risk, as the trick is doable with just a few tryouts. It’s incredible how our security is sometimes overlooked by companies.
-
It’s bogus. The phone is not actually locked. He only put the screen to sleep. I’ve tested this on several phones already. It works as shown (and even easier than shown) when the phone has not actually locked. However, once the passcode lock activates, it doesn’t work… and I’ve tried over and over and over for the last 30 minutes just to be sure I’m following the steps exactly. It goes right back to the locked screen IF the phone is actually locked.
The person in the video leads you to believe the phone is locked because he shows it locked in the beginning. However, he does not go back to show that it is actually locked after that.
-
Are you kidding me? you obviously haven’t heard of a software development cycle…no one – I repeat no one gets it perfect the first time…this is brand new software, and its going to have bug, and Apple will fix these bugs…if you have that much sensitive data, turn on Siri, and enable lock screen for everything. This is a NORMAL part of software development, that’s what patches and updates are for!!
-
Like someone is going to hack the iPhone in my pocket, without me feeling it. Apple will have an update in days, just don’t lose your phone till them.
-
Even more reason for #IChooseBlackberry10 :)
-
We found a potential work around at the office today. Select General, Accessibility, Accessibility Shortcut – turn on assistive touch. It will either bring you back to the home lock page or turn on the assistive touch soft button. We have not been able to hack around it.
-
With Siri disabled, I am able to duplicate this hack. If Siri is enabled, this hack doesn’t appear to work. Quick fix: Enable Siri.
-
If you want it to go away then just turn the control center off for the lock screen. It is clearly marked under the settings for the control center. Quit being lazy and “waiting for a fix” geez!
-
Dear Andy Greenberg,
Please check your settings under Settings>General>Passcode Lock.
If your Passcode Lock is NOT set to Immediately, you will be able to do this over and over and over again without having to type in a code.
There are 2 separate timers when you put your screen to sleep.
1. How much time before the display goes to sleep – i.e. 30 seconds, 1 minute, 2 minutes, 5 minutes, etc.
2. How much time AFTER your display goes to sleep do you want your security lock to activate – i.e. Immediately, after 1 minute, after 5 minutes, after 15 minutes, after 1 hour, after 4 hours.Watching the video, I have to say that this video is bogus. Even though Mr. Rodriguez shows the lock screen in the beginning, he does not show that the phone is actually locked again AFTER putting it to sleep. He even goes as far as to go into Settings, but he shows you the About screen — not his actual phone settings. Then, he allows the viewer to ASSUME it is locked because he clicked on the sleep button. If the phone is not actually locked, all you have to do is one of two things:
1. EASIEST – Swipe the “Swipe to Unlock” bar, and it will take you right to your desktop.
2. COMPLEX (and SEEMINGLY SECRETIVE) – Open your Control Panel OR your Notification Center, open any app from there, and click on the home button. It will take you to your desktop.Now, what Mr. Rodriguez did is add a few steps to make it seem even more covert. He added the “Specifically open Alarm Clock, hold the power button for 2 seconds to shut off phone, select cancel, and double-click on the home button to bring up the multitask screen.”
If your phone is not actually locked… you can do this as many different ways as you choose.
I’m not saying there are no glitches in the new iOS, but this one does NOT appear to be one of them.
-
The video is falsely trying to make you believe that there is a security issue that doesn’t really exist. His phone isn’t actually going into passcode lock in the 2nd attempt. He didn’t show you that his passcode lock time wasn’t set to immediate and I would bet that when you tried to reproduce this yours wasn’t either. All of the motions that were done to show that there was a security glitch were purely for show. He could have just done the slide to unlock without entering his passcode as well. I tried to do this with my iPhone with my passcode set to immediate and was not able to bypass security. I think you were misled by Mr. Rodriquez or he was using an earlier version of the beta which did have a passcode security issue.