or Connect
AppleInsider › Forums › Mobile › iPhone › Bug in iOS 7 allows calls to be placed from locked iPhone
New Posts  All Forums:Forum Nav:

Bug in iOS 7 allows calls to be placed from locked iPhone - Page 2

post #41 of 114
Quote:
Originally Posted by 512ke View Post
 

It's a good catch, and good that Apple will fix it quickly.

 

If you download a brand new operating system, you have to be willing to deal with little glitches.  It's to be expected.

There is no way this should be acceptable, but this type of thing is hardly unique to Apple. 

 

It reminds me of the joke about the car built by Microsoft.  After having to put up with an insane number of inconveniences, the jokes ends with the line "For some strange reason, you would accept this."

 

Yes, it will be fixed quickly, but the big question is, why did not developer or beta tester find this before?

post #42 of 114
Quote:
Originally Posted by Conrail View Post

There is no way this should be acceptable, but this type of thing is hardly unique to Apple. 

It reminds me of the joke about the car built by Microsoft.  After having to put up with an insane number of inconveniences, the jokes ends with the line "For some strange reason, you would accept this."

Yes, it will be fixed quickly, but the big question is, why did not developer or beta tester find this before?

Why didn't someone find this previously?

The reason no one found this is because the sequence of required actions is entirely outside of any expected workflow including user errors. This is an intentional exploit found by someone who wanted to become infamous for discovering an vulnerability in iOS 7. No reasonably expected set of actions would exploit this vulnerability.

Further, why would someone else have my iPhone in the first place; other than my family who I trust? Even if someone had my iPhone, why would I not remotely wipe the iPhone and report the theft to authorities?
post #43 of 114
Quote:
Originally Posted by MacBook Pro View Post

Why didn't someone find this previously?

The reason no one found this is because the sequence of required actions is entirely outside of any expected workflow including user errors. This is an intentional exploit found by someone who wanted to become infamous for discovering an vulnerability in iOS 7. No reasonably expected set of actions would exploit this vulnerability.

Further, why would someone else have my iPhone in the first place; other than my family who I trust? Even if someone had my iPhone, why would I not remotely wipe the iPhone and report the theft to authorities?

A good testing team would allow people to deviate from scripts. Anyway they may have known about it. I said this is a late beta because it was forced to be released to hardware release dates, not - like proper software releases - when the criteria for release was met and there were no showstoppers P1s and P2s. OS X is released that way. (Although 10.0 wasn't). Mavericks was more stable to begin with and is not released yet.
I wanted dsadsa bit it was taken.
Reply
I wanted dsadsa bit it was taken.
Reply
post #44 of 114
Quote:
Originally Posted by chabig View Post
 

Why go through this trouble when you can use Siri to call any number while the phone is locked?

 

Or dial any number you want with the "dial"command.  But this is not a bug either.   "Siri" is one of the options under "Allow access when locked"  Easily disabled.   

post #45 of 114
Was the person in this video stupid enough to show their own phone number in a video on You Tube?
post #46 of 114
Quote:
Originally Posted by DCGOO View Post

Or dial any number you want with the "dial"command.  But this is not a bug either.   "Siri" is one of the options under "Allow access when locked"  Easily disabled.   

That's why I love AI ... I learn something every read ... Thanks for that tip.
Been using Apple since Apple ][ - Long on AAPL so biased
nMac Pro 6 Core, MacBookPro i7, MacBookPro i5, iPhones 5 and 5s, iPad Air, 2013 Mac mini, SE30, IIFx, Towers; G4 & G3.
Reply
Been using Apple since Apple ][ - Long on AAPL so biased
nMac Pro 6 Core, MacBookPro i7, MacBookPro i5, iPhones 5 and 5s, iPad Air, 2013 Mac mini, SE30, IIFx, Towers; G4 & G3.
Reply
post #47 of 114
Quote:
Originally Posted by asdasd View Post

A good testing team would allow people to deviate from scripts. Anyway they may have known about it. I said this is a late beta because it was forced to be released to hardware release dates, not - like proper software releases - when the criteria for release was met and there were no showstoppers P1s and P2s. OS X is released that way. (Although 10.0 wasn't). Mavericks was more stable to begin with and is not released yet.

No. In my experience working extensively with testing teams, the testing teams should not deviate from test plans. If the testing team is deviating from the test plan then the test plan is not well designed. Nevertheless, the sequence of actions is entirely unpredictable by any reasonable and customary user actions.
post #48 of 114
Can't reproduce this on my iPhone5 with iOS7. It just keeps saying 'Emergency Calls Only'. I have no control center on the home screen, maybe that influences it?
post #49 of 114
Originally Posted by ClemyNX
"If you could call only one number why not only have a 911 button"
Because there are many countries where several emergency numbers exist, like in Europe where you have several numbers for firefighters, ambulance, police, and European emergency number 112.

 

Apparently you’re illiterate or just unwilling to read my posts in the first place yet then believe you have any right to reply to them. I’ll say it again: My statement blatantly implies that the button would be either general use or change depending on the area in which you live, but no, let’s go completely ignore the point and focus on that part of it.

 

And no, I don’t live in Cuba.

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
Reply

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
Reply
post #50 of 114
Quote:
Originally Posted by MacBook Pro View Post

No. In my experience working extensively with testing teams, the testing teams should not deviate from test plans. If the testing team is deviating from the test plan then the test plan is not well designed. Nevertheless, the sequence of actions is entirely unpredictable by any reasonable and customary user actions.

Apple used to not use scripts or test books. If you don't allow testers to play about all they can do is follow the test book which assumes the test book writer has written all possible happy and non happy paths into his book. which he won't have done. Particularly for fast changing software. It's impossible.
I wanted dsadsa bit it was taken.
Reply
I wanted dsadsa bit it was taken.
Reply
post #51 of 114
Quote:
Originally Posted by asdasd View Post

Apple used to not use scripts or test books. If you don't allow testers to play about all they can do is follow the test book which assumes the test book writer has written all possible happy and non happy paths into his book. which he won't have done. Particularly for fast changing software. It's impossible.

Irrelevant. The sequence of actions is entirely unpredictable by any reasonable and customary user actions.
post #52 of 114
Quote:
Originally Posted by Tallest Skil View Post
 

 

Apparently you’re illiterate or just unwilling to read my posts in the first place yet then believe you have any right to reply to them. I’ll say it again: My statement blatantly implies that the button would be either general use or change depending on the area in which you live, but no, let’s go completely ignore the point and focus on that part of it.

 

And no, I don’t live in Cuba.

 

So your fundamental argument is this:

 

If Apple intended for you to only be able to dial an 'emergency' number using emergency dial, they would without question have put only one 'Dial' button there.  Since Apple did *not* do this, this is clearly a feature and 'working as intended' and not a bug at all.

 

.........

post #53 of 114
Don't know for sure, but I think that is why it is labeled Emergency Call?

If someone (unauthorized) already has your phone that is probably the least of your worries.
post #54 of 114
Not sure, but I think that is why it is labeled "Emergency Call."

If someone (unauthorized) has your iPhone, their making a call is probably the least of your worries!
post #55 of 114
Quote:
Originally Posted by MacBook Pro View Post

Irrelevant. The sequence of actions is entirely unpredictable by any reasonable and customary user actions.

Nonsense. Some one did it. After two days.

EDIT: and if you going to come back with - one person out of millions - the kind of guys who try this are a tiny fraction of total users. So a tester in apple could have found it were he allowed to.
I wanted dsadsa bit it was taken.
Reply
I wanted dsadsa bit it was taken.
Reply
post #56 of 114
Quote:
Originally Posted by agramonte View Post
 

To bad the new dialer and awful turquoise blue icons in safari and mail are not bugs also

 

Yea ok. 

:no:

 

Find something worthy of complaining about. I see nothing wrong with any of it.

post #57 of 114
Quote:
Originally Posted by DCGOO View Post
 

 

Or dial any number you want with the "dial"command.  But this is not a bug either.   "Siri" is one of the options under "Allow access when locked"  Easily disabled.   

 

"Dial" and "call" do the same thing.

post #58 of 114

I am soooo looking forward to the print reader.  I'd at least set it to auto lock after the maximum time limit, but my corp email invokes password security with instant locking on the phone, it's mandatory.  So, I have to unlock my phone countless times a day.

 

I find the new slide to unlock in 7 much better as you can slide anywhere on the screen, plus the new keypad though too simple and lackluster for me, is much easier to peck at.  Just hoping it works well, and for at least one year, till the 6 comes out!

post #59 of 114

In other news: On the 3rd lion roar in Wizard of OZ, press play on Pink Floyd's Dark Side of the Moon. Discovered this flaw the other day. 

post #60 of 114
I can't replicate any of these two flaws.
post #61 of 114
Quote:
Originally Posted by lkrupp View Post
 

Everybody I know with an iPhone does not have a passcode set and uses it unlocked because of the inconvenience of entering a PIN to unlock it. I don't use a passcode on my iPad either. The paranoids must be out in force on this tuff.

I was the same way until my iPhone was stolen and the thief had access to all my data & emails.

Please update the AppleInsider app to function in landscape mode.

Reply

Please update the AppleInsider app to function in landscape mode.

Reply
post #62 of 114
Quote:
Originally Posted by asdasd View Post

Nonsense. Some one did it. After two days.

EDIT: and if you going to come back with - one person out of millions - the kind of guys who try this are a tiny fraction of total users. So a tester in apple could have found it were he allowed to.

Are you certain this issue didn't exist previously? Perhaps this defect has existed for years. Perhaps this defect has existed since early iOS 7 betas and only now publicly released.

There are millions of 10 character permutations from the lock screen. Some have stated that they can't replicate the issue so perhaps there are other dependencies as well. Are you seriously suggesting that Apple should test all of them? If so, then should Apple test 20 character permutations and 30 character permutations?
post #63 of 114

I'm most impressed by the room light turning on the instant the iPhone crashed/rebooted/whatever. Is that a hidden feature of iOS7? Did AI reproduce that behavior as well?

post #64 of 114

There are many videos on YouTube that show this glitch existing for at least the past year.

post #65 of 114
I really don't see the issue? Per the iPhone user guide: Emergency calls
Make an emergency call when iPhone is locked. On the Enter Passcode screen, tap Emergency Call (to dial 911 in the U.S., for example).
Important: You can use iPhone to make an emergency call in many locations, provided that cellular service is available, but you should not rely on it for emergencies. Some cellular networks may not accept an emergency call from iPhone if iPhone is not activated, if iPhone is not compatible with or configured to operate on a particular cellular network, or (when applicable) if iPhone does not have a SIM card or if the SIM card is PIN-locked. In the U.S., location information (if available) is provided to emergency service providers when you dial 911.
With CDMA, when an emergency call ends, iPhone enters emergency call mode for a few minutes to allow a call back from emergency services. During this time, data transmission and text messages are blocked.
Exit emergency call mode (CDMA). Do one of the following:
• Tap the Back button.
• Press the Sleep/Wake button or the Home button.
• Use the keypad to dial a non-emergency number.
post #66 of 114
Quote:
Originally Posted by MacBook Pro View Post

Quote:
Originally Posted by asdasd View Post

Nonsense. Some one did it. After two days.

EDIT: and if you going to come back with - one person out of millions - the kind of guys who try this are a tiny fraction of total users. So a tester in apple could have found it were he allowed to.

Are you certain this issue didn't exist previously? Perhaps this defect has existed for years. Perhaps this defect has existed since early iOS 7 betas and only now publicly released.

There are millions of 10 character permutations from the lock screen. Some have stated that they can't replicate the issue so perhaps there are other dependencies as well. Are you seriously suggesting that Apple should test all of them? If so, then should Apple test 20 character permutations and 30 character permutations?

This isn't about button permutations but about the model of the input state machine, you can't get out of that model, unless there's a bug elsewhere.

In this case, this isn't a bug in the input screen, but somewhere else. Given that things crash, and then the call is placed, and since it's not an exact number of multiple presses, but a matter of QUICKLY REPEATING the key presses/button touches, what we have here with 99% probability is a race condition in the event handling system.

I'd bet if you rapidly and repeatedly press buttons elsewhere in the system you may get similar crashes and unpredictable behavior.
post #67 of 114
Quote:
Originally Posted by Tallest Skil View Post

Apparently you’re illiterate or just unwilling to read my posts in the first place yet then believe you have any right to reply to them. I’ll say it again: My statement blatantly implies that the button would be either general use or change depending on the area in which you live, but no, let’s go completely ignore the point and focus on that part of it.

And no, I don’t live in Cuba.
So what you're saying is that it's not a bug, it's a massive design flaw, indicative of a complete disregard for security on the part of Apple's engineers? That doesn't exactly present Apple in a favorable light.

Fortunately, it is a bug. If you even bother to spend 5 seconds trying it yourself, and dialing a random number into the emergency dialer, you'll quickly see that as designed, doing this simply results in a message saying "867-5309 is not an emergency number." So the programmers, in fact, were not stupid enough to deliberately make any arbitrary number dialable from the lock screen. It's just a bug. Which is good, because if they actually were clueless enough about security to make the lock screen worthless on purpose, they'd all deserve to be fired.
post #68 of 114
Quote:
Originally Posted by Conrail View Post
 

There is no way this should be acceptable, but this type of thing is hardly unique to Apple. 

And how exactly do you propose a method to detect every single bug in a highly complex piece of software? Have you solved the Halting Problem?

post #69 of 114

Tried to reproduce on my new IP5S running iOS7.0.1 and regardless of how slow/fast or number of times I press call, I can't get the emergency call screen to error out. All I get is a consistent "emergency calls only" at the top of the screen,

 

Then I tried the same thing on my spouse's IP5 running iOS7.0 and BINGO, within a few seconds I got the reboot and sure enough by the time the IP5 rebooted, the number (I was calling my IP5S) was ringing.

 

So, this bug is either fixed in iOS7.0.1 OR the IP5S hardware is handling the repeated "call" actions fast enough to prevent the error.

 

david

post #70 of 114
What I find amusing is that the particular bug is so odd ball in how it is done that few would have caught it if it hadn't been posted all over the blogs. Thus Apple might have caught it and fixed it before it went public.

A non tech's thoughts on Apple stuff 

(She's family so I'm a little biased)

Reply

A non tech's thoughts on Apple stuff 

(She's family so I'm a little biased)

Reply
post #71 of 114
Just practicing my list of likes and gripes

Like new control options and dynamic motions

A link to Settings would be good on control centre

Finding it much harder to read things in bright light

Don't like frosted glass in the home screen, translucent is better

Don't like background colour of folders. Spoils effect of wallpapers. Text hard to read.

Why limit page 1 of folder to 9 icon when there's room for 12 or maybe 15.

Just harder to read things all round. Text, labels hard to read.

Can hardly see the phone app in bright light

The desktops should go round in a loop

The favourites icon bar should scroll, like the desktops, but independently

Basically, functionality yes look and feel no

The notification centre could be more interactive, drill into detail without leaving the centre.

Keyboard should shrink when I stop typing in a comment box and scroll back through the text and rise again if I hit a key

Don't like that home screen looks like a book for teaching babies the alphabet

Learn More links in Settings have no text

My prediction, there will be a Clasic look and feel option by 7.3. Readability is really degraded to my eyes.

See what day two conjures up
post #72 of 114

I have an iPhone 5s on 7.0.1 and can replicate the bug. 

post #73 of 114
Quote:
Originally Posted by asdasd View Post

Nonsense. Some one did it. After two days.

EDIT: and if you going to come back with - one person out of millions - the kind of guys who try this are a tiny fraction of total users. So a tester in apple could have found it were he allowed to.

I'd be willing to bet that if pretty much any software ever released would show up with plenty of unexpected glitches if it were subject to this much popularity, and this much recognition for finding obscure bugs...
post #74 of 114
Quote:
Originally Posted by Tallest Skil View Post

Apparently you’re illiterate or just unwilling to read my posts in the first place yet then believe you have any right to reply to them. I’ll say it again: My statement blatantly implies that the button would be either general use or change depending on the area in which you live, but no, let’s go completely ignore the point and focus on that part of it.

And no, I don’t live in Cuba.

Crikey!

You're kidding right? I thought your original reply was taking the piss, but you're saying it was serious?

They obviously thought through the emergency calls only ability when they put it on....
As noted in other replies from someone with an iPhone, it won't let you call other numbers.

And for those thinking this bug is not a big deal, how about if the number they called was a pay huge $$ per minute line, and you got a couple of thousand dollar surprise on your next phone bill?
post #75 of 114
Quote:
Originally Posted by nicwalmsley View Post

Just practicing my list of likes and gripes


Finding it much harder to read things in bright light

Just harder to read things all round. Text, labels hard to read.

My prediction, there will be a Clasic look and feel option by 7.3. Readability is really degraded to my eyes.

Have you tried changing text to larger/bolder in settings? I've seen a couple of articles that mention that tip.

I don't see them adding a "degrade to old system" option, even if some want it. From what I can gather apple tend to be pretty definite with what they change and don't worry about keeping the minority happy.

Quote:
Why limit page 1 of folder to 9 icon when there's room for 12 or maybe 15.

Agreed. It's harder to find some apps now.
post #76 of 114
Originally Posted by iRon man View Post
As noted in other replies from someone with an iPhone, it won't let you call other numbers.

 

Yeah, so you’re another one who missed the point of my original post. Anyone else want to say as much?

 
And for those thinking this bug is not a big deal, how about if the number they called was a pay huge $$ per minute line, and you got a couple of thousand dollar surprise on your next phone bill?

 

If your phone’s stolen, you’d know, report it, and wouldn’t be charged.

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
Reply

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
Reply
post #77 of 114
Have you tried changing text to larger/bolder in settings? I've seen a couple of articles that mention that tip.

Yes that does help a little, thanks.
post #78 of 114
Quote:
Originally Posted by Tallest Skil View Post

Yeah, so you’re another one who missed the point of my original post. Anyone else want to say as much?
Everyone knows what the point of your original post was — that this is all a feature, Apple's engineers deliberately went out of their way to make it possible to bypass the security, but only if you mashed the call button like you were playing an 80s video game. The fact that the screen locks up and goes black when doing this is, presumably, a feature as well. The problem is that that is nonsensical beyond belief.

I'd like to make a bet with you. If it turns out that this is a bug, and Apple therefore patches it, then I win the bet. If it turns out that this is a feature, and Apple comes out and says that mashing the call button is supposed to get you past the emergency call restriction and let you dial non-emergency numbers from the emergency dialer, according to explicit design instructions, then you win the bet. The stakes are: loser sends the winner an amount equal to the price of a brand new retina MacBook Pro with the RAM and SSD maxed out, at such time as the new models are released. Whaddya think?
Edited by Durandal1707 - 9/22/13 at 12:50am
post #79 of 114
I have just tried on my 5 ios7, and the 'bug' works on mine too...
post #80 of 114
Quote:
Originally Posted by Tallest Skil View Post

Yeah, so you’re another one who missed the point of my original post. Anyone else want to say as much?

I'm really struggling to understand where you're coming from on this one.

I've re-read the article, and can only guess that you're taking it literally based on the wording, without referring to the original source?

"exploiting a bug in the emergency calling system that allows anyone to bypass an iPhone's passcode lock to make a phone call."

Is this what you're basing your point of view on?

That it doesn't specifically say you can call a non emergency number?

Otherwise I'm lost.

Quote:
If your phone’s stolen, you’d know, report it, and wouldn’t be charged.

Credit card companies usually do this, but not always phone companies.

A few seconds on google came up with plenty of examples...
http://m.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=10818065

http://www.telegraph.co.uk/finance/personalfinance/consumertips/household-bills/8512448/The-8200-cost-of-a-stolen-mobile-phone.html

EDIT: Added your post clarifying your original reply:
Quote:
Nope. Haven’t you always been able to make any call from there? Were it just a line into 911, there would only be one button there: “911”.

Has this not been answered for you?

That you haven't always been able to make any call from there?
Edited by iRon man - 9/22/13 at 1:56am
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPhone
AppleInsider › Forums › Mobile › iPhone › Bug in iOS 7 allows calls to be placed from locked iPhone