Skip to main content

iOS security issue [note]

Hi, Seth here.  Just woke up to find more than a few comments, emails, Tweets, etc on this post and its inaccuracy.  It turns out that the author was wrong on his take and hadn’t done due diligence before posting this.  I am sorry for that.

The change in behavior is that you didn’t before have full camera roll access from the lock screen; now Apple has allowed access.  But importantly, only if you’ve unlocked your iPhone within the prescribed amount of time in “require Passcode’ time settings.  Our writer had a delay in the lock screen which allowed him access after unlocking within that time. He wasn’t trying to fool anyone, he just made a mistake and published without doing due diligence.

I am reviewing what to do about this situation.  Your trust is important to us and I know we’ve lost some of it today.




Apple during yesterday’s iPad unveiling has also announced and released the iOS 5.1 update for iPhone, iPad and iPod touch. The software brought out new features such as Siri in Japanese, the ability to delete individual images from your Photo Stream and redesigned camera access on the lock screen, to name a few.

The new button, as we reported last month, now acts as a slider allowing for even faster access to the Camera app. It’s pretty straightforward: Simply slide the camera button up and the entire lock screen elegantly pushes upwards and out of view, revealing the Camera app beneath. To get back to the lock screen, simply swipe down from the top edge of the screen.

Now, when using the Camera app, you can also tap the lower left icon or swipe to get to the gallery with only the snaps taken in the current session. The problem is, Apple’s camera slider implementation has some security implications letting others get access to your locked device under certain circumstances.

More on this and a remedy right below.

[youtube=http://www.youtube.com/watch?v=wMd4gSYYGPE]

Provided you’ve reached the image gallery by tapping the lower left icon in the Camera app (see the screenshot below), you could then simply hit the home button to get straight to the home screen and gain full access to the locked device. Making matters worse, the gallery displays all the pictures in your camera roll rather than just the ones taken in the current sessions. It was just the opposite previously, a security measure which protects your entire photo library from prying eyes while still allowing your friends to pick up your device to shoot a clip or take a few quick stills.

IMPORTANT NOTE: When getting to your gallery by swiping in the Camera app, images are filtered out correctly and hitting the home button takes you straight back to the lock screen. Now, it seems there is some logic to this inconsistencies. According to a post by James Woods, this discrepancy could actually stem from how you updated your device to iOS 5.1 in the first place:

First off, as @simonktng pointed out to me, if you didn’t have the passcode enabled when updating you won’t have any trouble. If you decide to enable the passcode post update then all will work as it is meant too. Secondly, if you did have the passcode enabled and now find it can be bypassed by the method above then there is a simple fix. Simply disable the passcode and re-enable it! Worked for me.

Also, as pointed out by @ericklaporte, if you have set your device to immediately require a lock code in Settings > General > Passcode Lock > Require Passcode, it works as it should. If it’s not set to immediately require passcode, you will be able to see all your images when going to your gallery from the Camera app.

Apple and Google are also both being criticized for weak privacy controls resulting in rogue third-party apps being able to suck out users’ entire image collection with geotags into the cloud, without their consent. It’s possible because iOS and Android lack security prompts akin to those seeking users’ explicit approval prior to retrieving their geographical location. Another interesting “feature” of iOS 5.1: Updated AT&T network indicator. The change tweaks the carrier logo on your device so it advertises AT&T’s HSPA+ network as 4G rather than 3G, as before.

Tap this icon to go to your gallery and then hit the home button and you’ll be taken straight to the home screen rather than back to the lock screen. This only happens if you did not set your device to immediately require a lock code in Settings.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Seth Weintraub Seth Weintraub

Publisher and Editorial Director of the 9to5/Electrek sites.


Seth Weintraub's favorite gear