New security hole in Apple's iOS 6.1 lets anyone bypass an iPhone's lockscreen

245

Comments

  • Reply 21 of 83


    There are hacks to bypass the lock screen on Android altogether (giving full access) and it gets minimal tech media attention. Happens on Apple and it's a feature news article on every tech media site with the usual Apple bashing hyperbole. That's not to say we as users should excuse Apple and I'm hoping that Ive and company are hard at work to refreshen a rather stale OS to include better security features.

  • Reply 22 of 83


    I'm not able to duplicate this on 6.1.1 beta 1 on model A1429.  

  • Reply 23 of 83
    jragosta Posts: 10,473 member
    jungmark wrote: »
    unfortunately lots of people use "ironically" incorrectly.

    What you mean is:

    Ironically, lots of people use 'ironically' incorrectly.
  • Reply 24 of 83
    galbi Posts: 968 member

    Quote:

    Originally Posted by lkrupp View Post



    What fascinates me about stuff like this is how it is discovered. Some OCD type with too much time on their hands sitting around randomly pushing buttons? You tell me how somebody figures this out.



    And then there's the ethical question of whether to notify Apple and give them some time to fix it before going public. This can actually hurt users. Did this happen in this case? I suspect a lot of these reports are more about 'gotcha' moments and nerd chest thumping than reporting security flaws, more about embarrassing Apple than doing the right thing. Now Apple will be scrambling to issue a patch. Do we really want a hurry up job because somebody went public instead of notifying Apple first? Rushed code patches are a recipe for trouble in my opinion. I'm not suggesting stuff like this be kept quiet or letting Apple sit on it for months without doing something but give them some amount of time to fix it before going public.




    Prove that he did not notify Apple.

    Then let's talk.

    Also, this isn't the first time Apple had this issue raised before. According to your logic, now that Apple had months since the last release, shouldn't they now have been fixed?

    This latest video clearly shows that they certainly haven't listened or at least bothered to check it.

  • Reply 25 of 83

    Quote:

    Originally Posted by Galbi View Post


     


    This latest video clearly shows that they certainly haven't listened or at least bothered to check it.



     


    It doesn't clearly show anything. This might not be exactly the same flaw as 4.1, you can't prove they were told ahead of this video being posted, the phone could be jailbroken etc.

    Unless you have a recording to post of Sir Jony or such telling his peeps not to bother checking or this flaw or saying yeah he got a report so what, you can no more prove they were told etc than others can prove they were not

  • Reply 26 of 83
    auxio Posts: 2,752 member

    Quote:

    Originally Posted by lkrupp View Post



    What fascinates me about stuff like this is how it is discovered. Some OCD type with too much time on their hands sitting around randomly pushing buttons? You tell me how somebody figures this out.


     


    Someone who has disassembled (reverse engineered) parts of iOS, noticed the potential for the bypass, and was able to reproduce it?  I was pretty amazed when I saw what people were capable of discovering via reverse engineering prior to Apple opening iOS up for app development (SDK).

  • Reply 27 of 83
    gazoobee Posts: 3,754 member

    Quote:

    Originally Posted by charlituna View Post


    ... unless you have a recording to post of Sir Jony or such telling his peeps not to bother checking or this flaw or saying yeah he got a report so what ... 



     


    As humorous as this scenario is, Ive has nothing to do with this, nor should he.  


     


    He's a designer.  He knows almost zero about software and nothing about security.  To say he should have oversight on a matter like this is like saying an ice-cream salesman should be in charge of an automobile dealership.  

  • Reply 28 of 83
    Wow, they can see my photos, modify my contacts (um, they have my phone, modifying my contacts is the least of my concerns), and, OH NOs, listen to my voicemail. Do I need to repeat they have your phone? Is this an issue? Of course, but I'm sure it will get fixed before the great "contact modification" craze spreads too far.
  • Reply 29 of 83


    Whoopee...... like I'm afraid.

  • Reply 30 of 83
    If anyone actually has the time to go through all that - they can have at er.

    How the heck do people come up with this stuff?
  • Reply 31 of 83
    realistic Posts: 1,154 member


    I understand and agree with reporting security flaws but what purpose is served by telling the general public how to take advantage of it?

  • Reply 32 of 83

    Quote:

    Originally Posted by Gazoobee View Post


     


    As humorous as this scenario is, Ive has nothing to do with this, nor should he.  


     


    He's a designer.  He knows almost zero about software and nothing about security.  To say he should have oversight on a matter like this is like saying an ice-cream salesman should be in charge of an automobile dealership.  



     


    1. I said Sir Jony or such. Try reading the whole thing next time, especially if you are going to post a rebuttal attempting to make me look stupid.


     


    2. Just because he's a designer doesn't equal him knowing little about software or security. 

  • Reply 33 of 83


    By the time you get all that to work, I'll be back from the washroom and at my desk wondering wtf you're trying to do with my phone. 


     


    Lmao

  • Reply 34 of 83


    OK, so Apple made a mistake here. Serious, not serious, whatever. What I want to know is what is AppleInsider's excuse for publishing it? Why?

    You think you can disseminate the information yet not be like the bad people who do it for bad reasons? You're different, of course, it's your duty to pass on info found. It's part of your journalistic integrity to pass on anything impartially and without judgement. Can't go covering it up can we? Oh no, so let's just pass it on, add to the availability of the information yet hold our head up high with a wonderful sense of self-righteousness from doing our job so well.

  • Reply 35 of 83

    Quote:

    Originally Posted by rob53 View Post



    Interesting that this phone couldn't get a cellular signal (shows searching) and only had a network connection. It then comes up with different languages. Is this how the emergency call works? He also was at 27% battery. What's the icon next to the 27%? It's not the bluetooth icon. What's that double up arrow type thing at the bottom next to the home button?


    The thing next to the battery level is the "orientation lock" icon...meaning the phone won't change orientation when you rotate it sideways the way it normally would.  I have no idea what you're talking about regarding "double up arrow" next to the home button...unless you're referring to the double ^ thingys at the bottom of the video...those are part of youtube viewer not part of the video.

  • Reply 36 of 83
    gazoobee Posts: 3,754 member

    Quote:

    Originally Posted by charlituna View Post


     


    1. I said Sir Jony or such. Try reading the whole thing next time, especially if you are going to post a rebuttal attempting to make me look stupid.


     


    2. Just because he's a designer doesn't equal him knowing little about software or security. 



     


    You are soooo touchy lately, when you used to be one of the pleasanter people on the forum.


    I tried to be nice actually, apparently it didn't come across.  


     


    I will try to stop talking to you at all since the last five times I have you've taken it as some kind of colossal personal insult when it clearly wasn't intended as such, but the truth is I don't always look at *who* it is posting and don't actually keep track of everyone's personality/name etc. 

  • Reply 37 of 83
    drblank Posts: 3,385 member

    Quote:

    Originally Posted by seanie248 View Post



    "Ironically, a nearly identical vulnerability reared its ugly head back in October of 2010 "



    Coincidentally, maybe, but Ironically???



    Can't see the irony here....



    Love it when guys find these little bug things out... I always have to think... what made him do those actions in exactly that order to discover the bug? Do these people sit all day just trying random combinations of actions or is there a "method".

     


    I was wondering the same thing.  What I find even stronger is that these virus fixing software companies usually have a fix for a virus out as soon as the virus becomes known.  How can they find the virus and have a "fix" for it shortly thereafter?  Are there employees at these virus software companies writing the virus and the patch for them at the same time?

  • Reply 38 of 83
    geekdad Posts: 1,131 member

    Quote:

    Originally Posted by drblank View Post


    I was wondering the same thing.  What I find even stronger is that these virus fixing software companies usually have a fix for a virus out as soon as the virus becomes known.  How can they find the virus and have a "fix" for it shortly thereafter?  Are there employees at these virus software companies writing the virus and the patch for them at the same time?



    You are correct....a lot of these security (virus companies) employ people that do nothing but proactively look for software vulnerabilities. Then they have fixes sorted out for various threats. They also will inform the software maker of the vulnerabilities in advance but they don't always take heed.

  • Reply 39 of 83


    Geezuz....do people actually get PAID to sit around all day and try these weird key sequences on their phones?  I guess I'm glad they have phones..imagine what they'd discover if they only had themselves to play with!

     

  • Reply 40 of 83
    gatorguy Posts: 24,565 member

    Quote:

    Originally Posted by mactoid View Post


    Geezuz....do people actually get PAID to sit around all day and try these weird key sequences on their phones?  I guess I'm glad they have phones..imagine what they'd discover if they only had themselves to play with!

     



    I'm going to guess they just tried the same key sequence that worked in 2011. Someone probably tries it again with every new update. A bit surprised someone with authority at Apple didn't (if they didn't).
