Bug in iOS 7 allows calls to be placed from locked iPhone

Comments

  • Reply 81 of 130
    I really don't see the issue? Per the iPhone user guide: Emergency calls
    Make an emergency call when iPhone is locked. On the Enter Passcode screen, tap Emergency Call (to dial 911 in the U.S., for example).
    Important: You can use iPhone to make an emergency call in many locations, provided that cellular service is available, but you should not rely on it for emergencies. Some cellular networks may not accept an emergency call from iPhone if iPhone is not activated, if iPhone is not compatible with or configured to operate on a particular cellular network, or (when applicable) if iPhone does not have a SIM card or if the SIM card is PIN-locked. In the U.S., location information (if available) is provided to emergency service providers when you dial 911.
    With CDMA, when an emergency call ends, iPhone enters emergency call mode for a few minutes to allow a call back from emergency services. During this time, data transmission and text messages are blocked.
    Exit emergency call mode (CDMA). Do one of the following:
    • Tap the Back button.
    • Press the Sleep/Wake button or the Home button.
    • Use the keypad to dial a non-emergency number.
  • Reply 82 of 130
    rcfa Posts: 1,124 member
    asdasd wrote: »
    Nonsense. Someone did it. After two days.

    EDIT: and if you're going to come back with - one person out of millions - the kind of guys who try this are a tiny fraction of total users. So a tester in Apple could have found it were he allowed to.

    Are you certain this issue didn't exist previously? Perhaps this defect has existed for years. Perhaps this defect has existed since early iOS 7 betas and only now publicly released.

    There are millions of 10 character permutations from the lock screen. Some have stated that they can't replicate the issue so perhaps there are other dependencies as well. Are you seriously suggesting that Apple should test all of them? If so, then should Apple test 20 character permutations and 30 character permutations?

    This isn't about button permutations but about the model of the input state machine, you can't get out of that model, unless there's a bug elsewhere.

    In this case, this isn't a bug in the input screen, but somewhere else. Given that things crash, and then the call is placed, and since it's not an exact number of multiple presses, but a matter of QUICKLY REPEATING the key presses/button touches, what we have here with 99% probability is a race condition in the event handling system.

    I'd bet if you rapidly and repeatedly press buttons elsewhere in the system you may get similar crashes and unpredictable behavior.
  • Reply 83 of 130
    Apparently you’re illiterate or just unwilling to read my posts in the first place yet then believe you have any right to reply to them. I’ll say it again: My statement blatantly implies that the button would be either general use or change depending on the area in which you live, but no, let’s go completely ignore the point and focus on that part of it.

    And no, I don’t live in Cuba.
    So what you're saying is that it's not a bug, it's a massive design flaw, indicative of a complete disregard for security on the part of Apple's engineers? That doesn't exactly present Apple in a favorable light.

    Fortunately, it is a bug. If you even bother to spend 5 seconds trying it yourself, and dialing a random number into the emergency dialer, you'll quickly see that as designed, doing this simply results in a message saying "867-5309 is not an emergency number." So the programmers, in fact, were not stupid enough to deliberately make any arbitrary number dialable from the lock screen. It's just a bug. Which is good, because if they actually were clueless enough about security to make the lock screen worthless on purpose, they'd all deserve to be fired.
  • Reply 84 of 130
    Quote:
    Originally Posted by Conrail View Post

    There is no way this should be acceptable, but this type of thing is hardly unique to Apple.

    And how exactly do you propose a method to detect every single bug in a highly complex piece of software? Have you solved the Halting Problem?

  • Reply 85 of 130

    Tried to reproduce on my new IP5S running iOS7.0.1 and regardless of how slow/fast or number of times I press call, I can't get the emergency call screen to error out. All I get is a consistent "emergency calls only" at the top of the screen.

    Then I tried the same thing on my spouse's IP5 running iOS7.0 and BINGO, within a few seconds I got the reboot and sure enough by the time the IP5 rebooted, the number (I was calling my IP5S) was ringing.

    So, this bug is either fixed in iOS7.0.1 OR the IP5S hardware is handling the repeated "call" actions fast enough to prevent the error.

    david

  • Reply 86 of 130
    What I find amusing is that the particular bug is so odd ball in how it is done that few would have caught it if it hadn't been posted all over the blogs. Thus Apple might have caught it and fixed it before it went public.
  • Reply 87 of 130
    Just practicing my list of likes and gripes

    Like new control options and dynamic motions

    A link to Settings would be good on control centre

    Finding it much harder to read things in bright light

    Don't like frosted glass in the home screen, translucent is better

    Don't like background colour of folders. Spoils effect of wallpapers. Text hard to read.

    Why limit page 1 of folder to 9 icons when there's room for 12 or maybe 15.

    Just harder to read things all round. Text, labels hard to read.

    Can hardly see the phone app in bright light

    The desktops should go round in a loop

    The favourites icon bar should scroll, like the desktops, but independently

    Basically, functionality yes look and feel no

    The notification centre could be more interactive, drill into detail without leaving the centre.

    Keyboard should shrink when I stop typing in a comment box and scroll back through the text and rise again if I hit a key

    Don't like that home screen looks like a book for teaching babies the alphabet

    Learn More links in Settings have no text

    My prediction, there will be a Classic look and feel option by 7.3. Readability is really degraded to my eyes.

    See what day two conjures up
  • Reply 88 of 130

    I have an iPhone 5s on 7.0.1 and can replicate the bug. 

  • Reply 89 of 130
    asdasd wrote: »
    Nonsense. Someone did it. After two days.

    EDIT: and if you're going to come back with - one person out of millions - the kind of guys who try this are a tiny fraction of total users. So a tester in Apple could have found it were he allowed to.

    I'd be willing to bet that pretty much any software ever released would show up with plenty of unexpected glitches if it were subject to this much popularity, and this much recognition for finding obscure bugs...
  • Reply 90 of 130
    Apparently you’re illiterate or just unwilling to read my posts in the first place yet then believe you have any right to reply to them. I’ll say it again: My statement blatantly implies that the button would be either general use or change depending on the area in which you live, but no, let’s go completely ignore the point and focus on that part of it.

    And no, I don’t live in Cuba.

    Crikey!

    You're kidding right? I thought your original reply was taking the piss, but you're saying it was serious?

    They obviously thought through the emergency calls only ability when they put it on....
    As noted in other replies from someone with an iPhone, it won't let you call other numbers.

    And for those thinking this bug is not a big deal, how about if the number they called was a pay huge $$ per minute line, and you got a couple of thousand dollar surprise on your next phone bill?
  • Reply 91 of 130
    Just practicing my list of likes and gripes


    Finding it much harder to read things in bright light

    Just harder to read things all round. Text, labels hard to read.

    My prediction, there will be a Classic look and feel option by 7.3. Readability is really degraded to my eyes.

    Have you tried changing text to larger/bolder in settings? I've seen a couple of articles that mention that tip.

    I don't see them adding a "degrade to old system" option, even if some want it. From what I can gather Apple tend to be pretty definite with what they change and don't worry about keeping the minority happy.

    Why limit page 1 of folder to 9 icons when there's room for 12 or maybe 15.

    Agreed. It's harder to find some apps now.
  • Reply 92 of 130
    Originally Posted by iRon man View Post

    As noted in other replies from someone with an iPhone, it won't let you call other numbers.

    Yeah, so you’re another one who missed the point of my original post. Anyone else want to say as much?

    And for those thinking this bug is not a big deal, how about if the number they called was a pay huge $$ per minute line, and you got a couple of thousand dollar surprise on your next phone bill?

    If your phone’s stolen, you’d know, report it, and wouldn’t be charged.

  • Reply 93 of 130
    Have you tried changing text to larger/bolder in settings? I've seen a couple of articles that mention that tip.

    Yes that does help a little, thanks.
  • Reply 94 of 130
    Yeah, so you’re another one who missed the point of my original post. Anyone else want to say as much?
    Everyone knows what the point of your original post was — that this is all a feature, Apple's engineers deliberately went out of their way to make it possible to bypass the security, but only if you mashed the call button like you were playing an 80s video game. The fact that the screen locks up and goes black when doing this is, presumably, a feature as well. The problem is that that is nonsensical beyond belief.

    I'd like to make a bet with you. If it turns out that this is a bug, and Apple therefore patches it, then I win the bet. If it turns out that this is a feature, and Apple comes out and says that mashing the call button is supposed to get you past the emergency call restriction and let you dial non-emergency numbers from the emergency dialer, according to explicit design instructions, then you win the bet. The stakes are: loser sends the winner an amount equal to the price of a brand new retina MacBook Pro with the RAM and SSD maxed out, at such time as the new models are released. Whaddya think?
  • Reply 95 of 130
    I have just tried on my 5 ios7, and the 'bug' works on mine too...
  • Reply 96 of 130
    Yeah, so you’re another one who missed the point of my original post. Anyone else want to say as much?

    I'm really struggling to understand where you're coming from on this one.

    I've re-read the article, and can only guess that you're taking it literally based on the wording, without referring to the original source?

    "exploiting a bug in the emergency calling system that allows anyone to bypass an iPhone's passcode lock to make a phone call."

    Is this what you're basing your point of view on?

    That it doesn't specifically say you can call a non emergency number?

    Otherwise I'm lost.

    If your phone’s stolen, you’d know, report it, and wouldn’t be charged.

    Credit card companies usually do this, but not always phone companies.

    A few seconds on google came up with plenty of examples...
    http://m.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=10818065

    http://www.telegraph.co.uk/finance/personalfinance/consumertips/household-bills/8512448/The-8200-cost-of-a-stolen-mobile-phone.html

    EDIT: Added your post clarifying your original reply:
    Nope. Haven’t you always been able to make any call from there? Were it just a line into 911, there would only be one button there: “911”.

    Has this not been answered for you?

    That you haven't always been able to make any call from there?
  • Reply 97 of 130
    asdasd Posts: 5,686 member
    iron man wrote: »
    I'd be willing to bet that pretty much any software ever released would show up with plenty of unexpected glitches if it were subject to this much popularity, and this much recognition for finding obscure bugs...

    As plenty of MS software was and is. The point I was making is that good testers try and break stuff - even if it annoys engineers. Sometimes you can ignore these kinds of bugs as "user abuse" but not in security locked screens. I was just making the point that unless testers get to stray from scripts they won't find this.

    There is a general issue here too - from an engineering point of view it looks like when an app is launched from the control centre when locked it's not really in any kind of secure sandboxed state. It is launched by the control centre and "knows" per app to quit back to the control centre when closed. It signals the control centre to relaunch. However that doesn't seem to work on a crash. The app just crashes and the springboard is relaunched.
  • Reply 98 of 130

    Actually there’s an easier way to make a call when an iPhone is locked – simply use Siri and it works perfectly unless it was specifically explicitly disabled in the passcode lock setup. That’s a feature by the way not a bug.

     

    At any rate, this type of lock bypass bug routinely pops up on Android devices (e.g. google ‘another lockscreen security bug found in Samsung Android phones’) but I don’t see the same level of hyperbolic headline pundit coverage.

  • Reply 99 of 130
    Quote:
    Originally Posted by asdasd View Post

    Nonsense. Someone did it. After two days.

    EDIT: and if you're going to come back with - one person out of millions - the kind of guys who try this are a tiny fraction of total users. So a tester in Apple could have found it were he allowed to.

    Yes, it is important.

    I think the real point here is that this is vulnerable to a *deliberate* attack: someone trying to break into your (stolen and potentially containing sensitive information) phone could exploit it. Hence, someone intending to steal phones might very well look for this kind of vulnerability. Hence security specialists (white hats) look for this kind of stuff, amongst others.

    I see all these vulnerabilities when not "logged-in" as quite disappointing. One of the iPhone's real strengths is its security architecture (it is regarded as pretty good by those that understand these things, unlike certain other systems [eg here]) and it didn't happen by accident. So I'd expect the smart guys at Apple that designed it to understand that anything that makes exceptions to the security model - like apps running whilst not logged-in - is a real danger so needs to be tested to exhaustion. One of the things you'd look at is all the routes 'out' of the app (eg home button, multi-tasking switching, race hazards with these) because they need to perform differently in this special logged-out state; that should be obvious.

    The fact that they didn't catch these indicates inadequate testing. That's always the case with undetected bugs, the interesting point is why? The reason could be premature release of the software (not yet finished testing, as others have suggested), cost, lack of understanding, not caring or something else. Since this is Apple, I'd rule out all but a need to release too early (so it'll be fixed soon, along with other issues that no-one outside found). But it's a shame it happened.

    On the subject of testing, the best approach in my (professional) experience is a *mixture* of scripted testing and 'free-play' (where the testers try their hardest to break something by obscure means). I've seen software design and test teams locked in a very productive competition over how many faults the test team can find. It might have been Douglas Adams that said "when trying to design something completely foolproof [never] underestimate the ingenuity of complete fools", the same goes for hackers.
  • Reply 100 of 130
    Quote:
    Originally Posted by asdasd View Post

    There is a general issue here too - from an engineering point of view it looks like when an app is launched from the control centre when locked it's not really in any kind of secure sandboxed state. It is launched by the control centre and "knows" per app to quit back to the control centre when closed. It signals the control centre to relaunch. However that doesn't seem to work on a crash. The app just crashes and the springboard is relaunched.

    Yes, I agree that there may be an architectural issue here as well as a testing one. Anything done per-app is suspect, it's vulnerable to flaws and takes more effort to test.

    As a user, I love being able to use camera and calculator (etc) without "logging-in"; as a designer, I find it a little scary. This is one reason why the 5S's fingerprint sensor is so important: assuming it works reliably, it makes authentication quick and painless so there's no longer a need for apps to run outside the secured log-in state. That way, the problem gets designed out (the whole class of potential problems goes away).
