Hot on the heels of news that a crowdfunded competition aims to figure out if the fingerprint security implementation on Apple's iPhone 5s can be exploited comes news of a proven security risk, squarely involving iOS 7. The exploit specifically involves the lockscreen, the most common piece of security that stops some unauthorized individual from gaining access to anything important on your phone.
The "hack", if you want to call it that, is simple: Swipe up on the lockscreen to enter the control center, and then open the alarm clock. From there, hold the phone's sleep button to bring up a prompt that will ask you if you wish to shut down, but instead of doing that, hit the cancel option, and then tap the home button to access the phone's multi-tasking screen.
With access to this multi-tasking screen, anyone could try opening up what you've already had open on your phone. If you had Twitter open, for example, this person might be able to pick up where you left off and post on your behalf. Or, they could access the camera - and of course, every single photo stored on the phone. This is definitely what I'd consider a significant security risk.
Around the Web, there's proof that this exploit does in fact exist, with many users backing that up. However, there do seem to be limitations to what can be done once access is granted. Some apps still might not accessible, for example, and so far, there doesn't seem to be much rhyme or reason to what's accessible. What is a certainty though is the fact that Apple is sure to be rather quick in patching this bug up. I'm not sure I'd go as far as to call the bug "critical", but when someone can access your photos and Twitter with just a couple quick swipes and taps on the screen, it sure isn't minor.
So lets tell everyone how to do it. Smart.
you mean a website who's sole purpose is to inform people about hardware, informed people about hardware? The madmen!
Heh... JLB, too funny. DJ, relax. It's public information now and don't you think it's a good idea to make it known so Apple can close the hole?
Editor In Chiefhttp://hothardware.com
It's good to reveal information like this so that users of these devices can be aware of them. I'd rather be aware of a major exploit that plagues the phone I bring everywhere rather than be oblivious to it.
Plus, as Dave says, this assures a quick patch-up on Apple's part.
I hate ios7 period! It's absolutely horrible I don't know what they were thinking did no one test this OS internally? Did no one stand up to the designer and say "hey you are making it cumbersome to use, oh and there is a lockscreen exploit"...
I love the iPhone for the software updates! I hate the iPhone for not allowing you to revert to previous versions!
Ok so I can verify that the exploit works on my ip5 however once it opens up the multitasking not only do the tiles not show previews of what I have open (including my photos) but it doesn't let me click and only ANY of the tiles except for the alarm which I already had access to from the lockscreen. The only harm I am seeing is someone can see what apps I was using last... It's still needs fixing but im not saying any way to do anything bad or get any info from this exploit?
It's app-specific. I've read elsewhere that Twitter is accessible, as is the email client (and camera as mentioned in the post).
it is good complement for the touch id ..
RobW; ok so it does give you access to the camera app but not the opened my photos app but if the person had the camera open you can open it and go to all the photos from there... That is a very bad thing yes!!!!!! It doesn't give access to the mail client thank god, and luckily I don't use twitter.
I don't understand how users can find this exploit in a day but not apple after months of "testing"
NEWS TIPS |
This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or hisassociates. All products and trademarks are the property of their respective owners. All content and graphical elements areCopyright © 1999 - 2013 David Altavilla and HotHardware.com, LLC. All rights reserved. Privacy and Terms