iOS 7 lockscreen hole discovered already - all your private photos could end up online!

Filed Under: Apple, Data loss, Featured, iOS, Privacy

Serial iOS bug finder videosdebarraquito has struck again.

He found a bug in the iOS 6.1.3 lockscreen, almost as soon as that update was published (an irony, given that the main purpose of 6.1.3 was to fix various lockscreen flaws).

Now he's made a video of himself bypassing the lock on just-released iOS 7.

(I've given you more than enough to find the video if you want. But I haven't provided a direct link here. Call me an old-school wowser. I can take it.)

Lock screens have a chequered security history, with Android having its recent share of problems, too.

The main reason is complexity, one of security's mortal enemies.

You can understand why some exceptions to a phone lock might be desirable, or even required by the regulators: the ability to call the emergency number, no matter what, for example.

Similarly, a clock is handy when the phone is locked, as well as an indication of whether there's network service available should you want to make a call.

So some "special case" programming is needed in phone lock software, which inevitably means more to go wrong with the part that implements the actual lock.

But functionality to check whether you've just dialled the three digits 112, 999, 000, 911, or some other well-known emergency number, and to update a digital clock once a minute, is a far cry from the feature set implemented by the average lockscreen app on a modern smartphone.

We're no longer content to have our phones locked: we want them locked, except for a huge raft of features.

In truth, the phone isn't locked at all - the lockscreen app typically requires and makes extensive use of access to the network and the filing system, plus the ability to interact fully with the user.

Worse, we're not content with just seeing general information on our lockscreens, like the latest weather and news headlines, but are happy for our "locked" phones to continue disgorge information of a more personal nature, such as posts to your Facebook wall, Tweets we're mentioned in, and more.

And heaven forfend that we ever have to fumble with the phone lock before we are able to snap a photo!

Apple addressed these issues in iOS 7 with what it describes as a feature, but that I consider a bad idea from the start. (Call me an old-school wowser. I can take it.)

It's called Control Center, and it flies under the banner that "some things should only be a swipe away. And now they are."

Control Center gives you quick access to the controls and apps you always seem to need right this second. Just swipe up from any screen — including the Lock screen — to do things like switch to Airplane mode, turn Wi-Fi on or off, or adjust the brightness of your display. You can even shine a light on things with a new flashlight. Never has one swipe given you so much control.

Sadly, that one swipe, combined with some dextrous fingerwork, gives videosdebarraquito so much control that he can access your photos via a backdoor entrance.

It seems he gets from the lock screen to the control center, from there to the alarm clock, and from there, by means of some deft fingerwork - described in his video as "double click on the home button, but the second click is slightly stretched" - into your photo gallery.

Now he can do whatever you could do with your photos if the phone were unlocked: look at them, delete them, upload them and post them on social networking sites.

Let's hope that Apple fixes this bug quickly.

In the meantime:

  • Reduce the functionality available from the iOS 7 lockscreen, notably turning off access to the control center.
  • Don't take photos of a genuinely personal or private nature on your phone. (Call me an old-school wowser. I can take it.)

, , , , , ,

You might like

22 Responses to iOS 7 lockscreen hole discovered already - all your private photos could end up online!

  1. Crispin · 346 days ago

    Old school wowser ;-)

    • Paul Ducklin · 346 days ago

      And proud of it :-)

      (I do own a pair of iFROGZ headphones, so I am *cool*, you understand? Don't assume that being an old-school wowser makes me wear socks with my sandals and put milk and sugar in my coffee.)

  2. Ben · 346 days ago

    Surely you can access photos anyway from the control centre without any funny business because photos are one of the things that you are given access to via the camera app?

    • Paul Ducklin · 346 days ago

      But I don't think you're supposed to be able to do all that stuff when the phone is locked. Sorry, when the phone is at the lock screen.

      (And if you are, then that is a bug anyway :-)

    • Ernest · 346 days ago

      In iOS 6, the camera from the lock screen did not show all of your photos, only the ones which you just took from the lock screen. This is the minimum line I expect from iOS 7, and won't upgrade until an updated version is available.

      • EdT. · 345 days ago

        iOS 7 appears to have the same behavior as 6 in this regard.

        • Tom · 345 days ago

          Correct EdT... this article is BS.

          • Paul Ducklin · 345 days ago

            That's still a bug, surely?

            (You are saying that when the lockscreen is on, someone should be able to upload stuff on your behalf? Isn't that a curious interpretation of "locked"? If you could drive a locked car, even if you couldn't get out of first gear, that would be "unlocked", would it not? Isn't it the same thing here?)

          • Chris · 344 days ago

            If you dont exploit the bug then yes, only the pictures you took from the camera while on the lock screen are accessible. I have tried doing this exploit on my phone, however, and by doing it I was able to access all of my photos. Thats why this is a bug, the article is not bs and people should be aware of this. I only have pictures of my cat as well as memes I send to friends when appropriate so I dont really care if anyone goes through my pictures.

  3. ManicMongoose · 345 days ago

    "Don't take photos of a genuinely personal or private nature on your phone." That's just best practice period. In this day and age it's not like old Polaroids where if they got out its limited distribution and you have a chance of getting them all back, once they hit the Internet it's game over and your smartphone is almost always connected to the Internet these days.

  4. Major Bawls · 345 days ago

    Really nothing new. I was able to do about the same thing when iOS 6 was delivered. Remember being able to access the camera from the lock screen?

  5. Tom · 345 days ago

    just tried.. Yes, you CAN see the photos through the camera app in the lock screen but the ability to share them is gone. How many of you lock your phone anyway? Isn't this feature to take photos from lock screen also on android and it also gives access to your photos?

  6. tom · 345 days ago

    OK.. actually i tried it from the lock screen without a passcode. If you HAVE a passcode your photos cannot be accessed. Try this people before you post it!

    • Paul Ducklin · 345 days ago

      That's not what the video seems to show...can you double check you did the same trickery?

    • Andrew · 345 days ago

      There is a process that exploits a hole in the programming. Its not just going to the camera and wallah, you have to do a few things and then you can see the photos.

      The whole point is that you would like to think that locking your phone would deter someone from stealing your phone (which it wont). AAAND in the case of someone stealing your phone, they wont have access to your private info, photos, etc. Well they can with this short and pretty simple "process", so thus: This is a bug.

  7. Mistrex · 345 days ago

    But why when I click on the photo's it says no photo's or video's until I unlock :S I don't understand.. :

  8. Guest · 345 days ago

    Safest solution is not to have a 'smart phone' that is anything but 'smart'. Next best security solution is the OFF switch.

  9. Andy · 345 days ago

    What the hell does 'old-school wowser' mean?

    • Paul Ducklin · 345 days ago

      old-school: relatively uninfluenced by the latest trends.

      wowser: a killjoy.

  10. Chris · 344 days ago

    I think a lot of people are missing the point of this article so let me explain. When working normally and when your phone is locked you can take pictures from the lockscreen and then when you view your photo album only those pictures you took while in the lockscreen are available, not the rest of your photos. Then when you unlock the phone it resets to having no photos available on the lockscreen. This exploit (which I have tested for myself and can confirm that it works) allows someone to bypass that security feature. I won't explain how to do it, but basically this person found a way to open up the task manager on the iphone from the lock screen, then from the task manager you are able to open up the unprotected camera app which then allows you to go into the photo album and look at the photos without any restrictions. All of this is done without ever unlocking the phone.

    Now I would suggest that if you have photos that you don't want people to see you turn off control center on the lockscreen because exploiting this bug is very easy to do.

  11. Connie T · 344 days ago

    Seems like if people would stop losing/forgetting their phones this wouldn't be a problem. Im certainly not afraid of anyone who currently may have physical access to my home/my phone doing anything strange with my data. I dont actually use my phone to take pictures, because I own a camera for that purpose, but that's beside the point.

  12. And that's why I didn't update to iOS 7, admittedly mainly because it look terrible, but new security flaws always arise.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog