That video is from several days ago. There was a new update this morning. Is the issue still there?
Don't you know that this guy lied us? His finger tap home button and then iphone was unlock before Siri. If u use non touch id finger to do that, I guarantee that u can't bypass
Have it occurred to anyone of you that this works because while activating Siri, that person's finger managed to be successfully authenticated by TouchID? I tried this out myself, and when it works, I can press the home button to return my home screen with full access to my iPhone. When I try activating Siri with a finger not registered with TouchID, this "loophole" fails.
Obviously the person who made this video is trying to get some fame by spreading false rumours. This isn't a loophole. This works because TouchID authenticated him while he activated Siri...
This seems fake. As that person was activating Siri, his finger was authenticated by TouchID. I've tried this by activating Siri using my TouchID registered finger and it worked. I tried this again on a finger not registered by TouchID and it didn't work.
It's 2015 and whoever still uses 4-digit PIN deserves this shjt. With Touch ID, use alphanumeric passcode unless you're so dumb not to know.
Even with all of the dumb things people say on here every day, your statement is in contention for one of the dumbest. It's bull. If this is for real (and not a fake video), it's clearly a bug which Apple should - and will - fix!
Not everyone has something to hide, or sensitive information stored on their device. Many people still do not use any password at all...but for those that do - as long as they understand the implications of the passcode, it's a valid choice for them to use the simple passcode if, in their opinion it provides "enough" protection for them. Perhaps they protect their phone as well as they protect their wallet and they are comfortable with the risk that *IF* their phone is lost or stolen, it could be compromised easily. That's their choice to make!!! For some people the only risk in losing their phone is that someone could make long distance calls on it! For someone truly worried about privacy and security, they should absolutely use a longer, complex passcode - but just because somebody opts for a lower level of security does not at all make them DESERVING to be susceptible to a bug in their OS code.
If I'm stealing your iPhone, I'm putting it in airplane mode within seconds. I'm pretty sure I can do that a lot quicker than you can find another device, log in, and initiate remote wipe.
I'm looking for a pay phone, looking, looking, looking. Damn you got my my mom, sisters, friends phone numbers and copies of last weekends soccer pictures.
So now, when people don't take sensible steps to secure their devices, it's a "security flaw." Good to know that I can blame it on Apple when someone guesses that my password is "password."
Why don't they see this coming? I mean, surely they do. Any features on the lock screen are complexities. Complexity is the chief opponent of reliability (and security). If not for competing against rivals who also refuse to accept that same logical fact, why else would such convenience features get put into a LOCK screen? I don't use a lock screen on mine because I hate the added inconvenience of unlocking a phone to use it, but these reports tell me that using the locking mode wouldn't really guard my data anyway.
Technology under constant demand of capitalist competition (and feature requests from users that aren't trained in security) leaves us with the same rules of engagement as always:
"Don't lose it!", just like with your "unsecured" traditional wallet.
Yes, a lock screen is one more step of potential security... assuming the thief or snoop isn't up on all these multitudes of security flaws... but it's not reliable. An unreliable feature is kind of a worthless feature. Oops, I just pointed out what's wrong with almost everything in the computer industry. Geek faux pas.
How in the hell can these people figure this s.hit out?
All part of the job. Security researchers know their shizz, and there are tons of pentest/disassembler/stringify tools out there. (It doesn't help that, as the article points out, the lock screen has been an area of insecurity for previous iOS releases.)
I'd erase my iPhone within minutes of being stolen
If I'm stealing your iPhone, I'm putting it in airplane mode within seconds. I'm pretty sure I can do that a lot quicker than you can find another device, log in, and initiate remote wipe.
But the exploit requires Siri and that requires network. Siri can't work in Airplane Mode.
Why do people still have 4-6 digit codes if they have important data on their phones? that's just dumb!
I have a 10 alphanumeric code that I only have to use after a reboot... otherwise it's touch ID! This is much faster! and more secure then a 4-6 digit code...
I'd erase my iPhone within minutes of being stolen
If I'm stealing your iPhone, I'm putting it in airplane mode within seconds. I'm pretty sure I can do that a lot quicker than you can find another device, log in, and initiate remote wipe.
But the exploit requires Siri and that requires network. Siri can't work in Airplane Mode.
You can still enable WiFi while in airplane mode...
Why do people still have 4-6 digit codes if they have important data on their phones? that's just dumb!
I have a 10 alphanumeric code that I only have to use after a reboot... otherwise it's touch ID! This is much faster! and more secure then a 4-6 digit code...
... Still needs fixing!
If anyone uses Touch ID to open their phone/iPad they put themselves in legal jeopardy. According to the law, you cannot be "forced" to provide your password to law enforcement, but you can be forced to use your fingerprint. If you want your privacy and property protected, use a password and restrict Touch ID to Apple Pay.
If your phone is stolen, this trick can be used to unlock your phone and wipe it and sell as a used phone for a whole lot more money then as a locked out phone that is almost worthless except for parting it out. Making iPhones a target once again.
If anyone uses Touch ID to open their phone/iPad they put themselves in legal jeopardy. According to the law, you cannot be "forced" to provide your password to law enforcement, but you can be forced to use your fingerprint. If you want your privacy and property protected, use a password and restrict Touch ID to Apple Pay.
You can quickly power down the phone! Once you turn the phone back on, touchID won't work, you have to enter a password the first time it's turned on. So if you're quick about it, power down your phone. You can touch the scanner all you want and it won't do anything.
Comments
I tried this out myself, and when it works, I can press the home button to return my home screen with full access to my iPhone. When I try activating Siri with a finger not registered with TouchID, this "loophole" fails.
Obviously the person who made this video is trying to get some fame by spreading false rumours. This isn't a loophole. This works because TouchID authenticated him while he activated Siri...
This seems fake. As that person was activating Siri, his finger was authenticated by TouchID. I've tried this by activating Siri using my TouchID registered finger and it worked. I tried this again on a finger not registered by TouchID and it didn't work.
Even with all of the dumb things people say on here every day, your statement is in contention for one of the dumbest. It's bull. If this is for real (and not a fake video), it's clearly a bug which Apple should - and will - fix!
Not everyone has something to hide, or sensitive information stored on their device. Many people still do not use any password at all...but for those that do - as long as they understand the implications of the passcode, it's a valid choice for them to use the simple passcode if, in their opinion it provides "enough" protection for them. Perhaps they protect their phone as well as they protect their wallet and they are comfortable with the risk that *IF* their phone is lost or stolen, it could be compromised easily. That's their choice to make!!! For some people the only risk in losing their phone is that someone could make long distance calls on it! For someone truly worried about privacy and security, they should absolutely use a longer, complex passcode - but just because somebody opts for a lower level of security does not at all make them DESERVING to be susceptible to a bug in their OS code.
I'm looking for a pay phone, looking, looking, looking. Damn you got my my mom, sisters, friends phone numbers and copies of last weekends soccer pictures.
Technology under constant demand of capitalist competition (and feature requests from users that aren't trained in security) leaves us with the same rules of engagement as always:
"Don't lose it!", just like with your "unsecured" traditional wallet.
Yes, a lock screen is one more step of potential security... assuming the thief or snoop isn't up on all these multitudes of security flaws... but it's not reliable. An unreliable feature is kind of a worthless feature. Oops, I just pointed out what's wrong with almost everything in the computer industry. Geek faux pas.
How in the hell can these people figure this s.hit out?
All part of the job. Security researchers know their shizz, and there are tons of pentest/disassembler/stringify tools out there. (It doesn't help that, as the article points out, the lock screen has been an area of insecurity for previous iOS releases.)
I'd erase my iPhone within minutes of being stolen
Not if someone put it in a Faraday cage you wouldn't.
I'd erase my iPhone within minutes of being stolen
If I'm stealing your iPhone, I'm putting it in airplane mode within seconds. I'm pretty sure I can do that a lot quicker than you can find another device, log in, and initiate remote wipe.
oh wait someone can see my contacts and photos big fracking deal and they have to access my phone and, and !
I have a 10 alphanumeric code that I only have to use after a reboot... otherwise it's touch ID! This is much faster! and more secure then a 4-6 digit code...
... Still needs fixing!
I'd erase my iPhone within minutes of being stolen
If I'm stealing your iPhone, I'm putting it in airplane mode within seconds. I'm pretty sure I can do that a lot quicker than you can find another device, log in, and initiate remote wipe.
But the exploit requires Siri and that requires network. Siri can't work in Airplane Mode.
You can still enable WiFi while in airplane mode...
If anyone uses Touch ID to open their phone/iPad they put themselves in legal jeopardy. According to the law, you cannot be "forced" to provide your password to law enforcement, but you can be forced to use your fingerprint. If you want your privacy and property protected, use a password and restrict Touch ID to Apple Pay.
You can still enable WiFi while in airplane mode...
Which means it's on a network and can be remotely erased
Plan "A"?*
Don't lose your phone.
* Not a "fix", merely a solution. ????
If your phone is stolen, this trick can be used to unlock your phone and wipe it and sell as a used phone for a whole lot more money then as a locked out phone that is almost worthless except for parting it out. Making iPhones a target once again.
If anyone uses Touch ID to open their phone/iPad they put themselves in legal jeopardy. According to the law, you cannot be "forced" to provide your password to law enforcement, but you can be forced to use your fingerprint. If you want your privacy and property protected, use a password and restrict Touch ID to Apple Pay.
You can quickly power down the phone! Once you turn the phone back on, touchID won't work, you have to enter a password the first time it's turned on. So if you're quick about it, power down your phone. You can touch the scanner all you want and it won't do anything.