iOS 9 security flaw grants unrestricted access to Photos and Contacts

2

Comments

  • Reply 21 of 59
    charlituna wrote: »
    That video is from several days ago. There was a new update this morning. Is the issue still there?
    Don't you know that this guy lied us? His finger tap home button and then iphone was unlock before Siri. If u use non touch id finger to do that, I guarantee that u can't bypass
  • Reply 22 of 59
    adamcadamc Posts: 583member
    He can't use the phone to make calls so it is a big deal?
  • Reply 23 of 59
    Have it occurred to anyone of you that this works because while activating Siri, that person's finger managed to be successfully authenticated by TouchID?
    I tried this out myself, and when it works, I can press the home button to return my home screen with full access to my iPhone. When I try activating Siri with a finger not registered with TouchID, this "loophole" fails.

    Obviously the person who made this video is trying to get some fame by spreading false rumours. This isn't a loophole. This works because TouchID authenticated him while he activated Siri...
  • Reply 24 of 59
    fallenjtfallenjt Posts: 4,056member
    It's 2015 and whoever still uses 4-digit PIN deserves this shjt. With Touch ID, use alphanumeric passcode unless you're so dumb not to know.
  • Reply 25 of 59

    This seems fake. As that person was activating Siri, his finger was authenticated by TouchID. I've tried this by activating Siri using my TouchID registered finger and it worked. I tried this again on a finger not registered by TouchID and it didn't work.

  • Reply 26 of 59
    tenlytenly Posts: 710member
    fallenjt wrote: »
    It's 2015 and whoever still uses 4-digit PIN deserves this shjt. With Touch ID, use alphanumeric passcode unless you're so dumb not to know.

    Even with all of the dumb things people say on here every day, your statement is in contention for one of the dumbest. It's bull. If this is for real (and not a fake video), it's clearly a bug which Apple should - and will - fix!

    Not everyone has something to hide, or sensitive information stored on their device. Many people still do not use any password at all...but for those that do - as long as they understand the implications of the passcode, it's a valid choice for them to use the simple passcode if, in their opinion it provides "enough" protection for them. Perhaps they protect their phone as well as they protect their wallet and they are comfortable with the risk that *IF* their phone is lost or stolen, it could be compromised easily. That's their choice to make!!! For some people the only risk in losing their phone is that someone could make long distance calls on it! For someone truly worried about privacy and security, they should absolutely use a longer, complex passcode - but just because somebody opts for a lower level of security does not at all make them DESERVING to be susceptible to a bug in their OS code.
  • Reply 27 of 59
    gordon1420 wrote: »
    If I'm stealing your iPhone, I'm putting it in airplane mode within seconds. I'm pretty sure I can do that a lot quicker than you can find another device, log in, and initiate remote wipe.

    I'm looking for a pay phone, looking, looking, looking. Damn you got my my mom, sisters, friends phone numbers and copies of last weekends soccer pictures.
  • Reply 28 of 59
    So now, when people don't take sensible steps to secure their devices, it's a "security flaw." Good to know that I can blame it on Apple when someone guesses that my password is "password."
  • Reply 29 of 59
    Why don't they see this coming? I mean, surely they do. Any features on the lock screen are complexities. Complexity is the chief opponent of reliability (and security). If not for competing against rivals who also refuse to accept that same logical fact, why else would such convenience features get put into a LOCK screen? I don't use a lock screen on mine because I hate the added inconvenience of unlocking a phone to use it, but these reports tell me that using the locking mode wouldn't really guard my data anyway.

    Technology under constant demand of capitalist competition (and feature requests from users that aren't trained in security) leaves us with the same rules of engagement as always:

    "Don't lose it!", just like with your "unsecured" traditional wallet.

    Yes, a lock screen is one more step of potential security... assuming the thief or snoop isn't up on all these multitudes of security flaws... but it's not reliable. An unreliable feature is kind of a worthless feature. Oops, I just pointed out what's wrong with almost everything in the computer industry. Geek faux pas.
  • Reply 30 of 59
    Quote:

    Originally Posted by idrey View Post



    How in the hell can these people figure this s.hit out?

     

    All part of the job. Security researchers know their shizz, and there are tons of pentest/disassembler/stringify tools out there. (It doesn't help that, as the article points out, the lock screen has been an area of insecurity for previous iOS releases.)

  • Reply 31 of 59
    Is there anything to keep someone from just switching to custom numeric and entering their existing short unlock code twice?
  • Reply 32 of 59
    cnocbuicnocbui Posts: 3,613member
    Quote:

    Originally Posted by Chez Whitey View Post



    I'd erase my iPhone within minutes of being stolen



    Not if someone put it in a Faraday cage you wouldn't.

  • Reply 33 of 59
    Quote:
    Originally Posted by gordon1420 View Post

    Quote:
    Originally Posted by Chez Whitey View Post

    I'd erase my iPhone within minutes of being stolen


    If I'm stealing your iPhone, I'm putting it in airplane mode within seconds. I'm pretty sure I can do that a lot quicker than you can find another device, log in, and initiate remote wipe.

     

    But the exploit requires Siri and that requires network. Siri can't work in Airplane Mode.
  • Reply 34 of 59
    some people have too much time on their hands, jeez

    oh wait someone can see my contacts and photos big fracking deal and they have to access my phone and, and !
  • Reply 35 of 59
    Why do people still have 4-6 digit codes if they have important data on their phones? that's just dumb!

    I have a 10 alphanumeric code that I only have to use after a reboot... otherwise it's touch ID! This is much faster! and more secure then a 4-6 digit code...

    ... Still needs fixing!
  • Reply 36 of 59
    Quote:

    Originally Posted by plovell View Post

     
    Quote:

    Originally Posted by gordon1420 View Post

     
    Quote:

    Originally Posted by Chez Whitey View Post



    I'd erase my iPhone within minutes of being stolen






    If I'm stealing your iPhone, I'm putting it in airplane mode within seconds. I'm pretty sure I can do that a lot quicker than you can find another device, log in, and initiate remote wipe.

     




    But the exploit requires Siri and that requires network. Siri can't work in Airplane Mode.

    You can still enable WiFi while in airplane mode...

  • Reply 37 of 59
    krreagan wrote: »
    Why do people still have 4-6 digit codes if they have important data on their phones? that's just dumb!

    I have a 10 alphanumeric code that I only have to use after a reboot... otherwise it's touch ID! This is much faster! and more secure then a 4-6 digit code...

    ... Still needs fixing!

    If anyone uses Touch ID to open their phone/iPad they put themselves in legal jeopardy. According to the law, you cannot be "forced" to provide your password to law enforcement, but you can be forced to use your fingerprint. If you want your privacy and property protected, use a password and restrict Touch ID to Apple Pay.
  • Reply 38 of 59
    Quote:

    Originally Posted by krreagan View Post

     

    You can still enable WiFi while in airplane mode...


     

    Which means it's on a network and can be remotely erased

  • Reply 39 of 59
    jbdragonjbdragon Posts: 2,312member
    Quote:

    Originally Posted by jfc1138 View Post



    Plan "A"?*



    Don't lose your phone.



    * Not a "fix", merely a solution. ????

     

    If your phone is stolen, this trick can be used to unlock your phone and wipe it and sell as a used phone for a whole lot more money then as a locked out phone that is almost worthless except for parting it out.   Making iPhones a target once again.

  • Reply 40 of 59
    jbdragonjbdragon Posts: 2,312member
    Quote:

    Originally Posted by SpamSandwich View Post





    If anyone uses Touch ID to open their phone/iPad they put themselves in legal jeopardy. According to the law, you cannot be "forced" to provide your password to law enforcement, but you can be forced to use your fingerprint. If you want your privacy and property protected, use a password and restrict Touch ID to Apple Pay.

     

    You can quickly power down the phone!  Once you turn the phone back on, touchID won't work, you have to enter a password the first time it's turned on.   So if you're quick about it, power down your phone.  You can touch the scanner all you want and it won't do anything.

Sign In or Register to comment.