New security hole in Apple's iOS 6.1 lets anyone bypass an iPhone's lockscreen

124

Comments

  • Reply 61 of 83
    gatorguygatorguy Posts: 24,611member

    Quote:

    Originally Posted by jragosta View Post





    Obviously, it's because there's a massive double standard. Apple is held to different standards than everyone else.


    Apple holds themselves to different standards don't they, as do their users? That's why a stumble by Apple gets more attention. Not being "any worse than Google" isn't nearly good enough is it?

  • Reply 62 of 83


    Originally Posted by Gatorguy View Post

    Aple holds themselves to different standards don't they? That's why a stumble by Apple gets more attention.


     


    Funny how holding oneself to any standard whatsoever is considered "higher" these days.

  • Reply 63 of 83
    geekdadgeekdad Posts: 1,131member

    Quote:

    Originally Posted by SolipsismX View Post





    Despite Android's numbers not enough people care about Android for it to be a big deal. It's not that people are more rational it's about the mindshare making it newsworthy, like some actor who is a household name one year just to be forgotten the next. Apple has seemingly done the impossible by continuing generating more and increasingly dominant mindshare and holding it for so very long. I guess if you look at the single issue it's better for Google than Apple in this case and Apple needs to be more diligent because anything out of place will be dissected to the fullest degree but in the big picture everyone wants to be Apple.


    Wow...that was so perfect...i was trying find a way to explain Apple's mindshare and you nailed it!

  • Reply 64 of 83
    It's reckless to suggest people call 911 as a game. Even if only a few calls go through because people don't end the calls quickly enough, it's just not okay. Someone with an actual emergency could have service delayed because some geek is trying a hack. Seriously, this is reckless and should be removed from this website. Even if it's on other sites, AppleInsider should have more respect for human life than this.
  • Reply 65 of 83


    Originally Posted by peterm7 View Post

    …AppleInsider should have more respect for human life than this.


     


    I think that's a little overboard.

  • Reply 66 of 83
    malaxmalax Posts: 1,598member

    Quote:

    Originally Posted by Gazoobee View Post


     


    True.  11 guesses gives an attacker fairly good odds of guessing it though.  


     


    Where I work we have numbered locks on the doors and when I get bored I try to guess the codes.  Most of the time it's under a dozen guesses or so and your in.  You could use the longer alpha-numercial password to be safer.  


     


    I was mostly kicking back against how poorly the whole thing is being portrayed by the tech press.  Everyone is saying this is a "bypass" of the lock screen for example when it's really only a partial bypass.  Access to the phone itself is not given.  


     


    Also, it requires physical access to the phone, which if an attacker has, they could simply take your phone and take it back to their home in which case it's easy to break in.  Any attack that requires physical control of the device is not really a security flaw in the same way as a "real" security flaw that could allow someone to access your stuff without your knowledge or consent.  By giving them physical access, you are essentially complicit.  


     


    Finally, as others have pointed out, Android has numerous ways to *completely* bypass the lock screen (not partial), and no one gives a flying f*ck about that.  


     


    IMO it's just shameless the way this has been put forward by the tech press as some kind of giant serious security flaw when it isn't even close to that. 



     


    I agree with your other points.  Getting my voicemail, photos, and contacts wouldn't concern me (much); getting into my mail and apps would be a BFD.


     


    But your assertion that 11 tries (without having seen the phone being unlocked) gives one "fairly good odds" is nonsense.  .999^11 = .989.  Ok, the fact that 1.1 times out of a hundred a random dude could guess your pin before it's disabled is higher than you'd like.  But 1 in a 100 a very long, long shot by most definitions.


     


    (I just just checked my phone to see if fingerprints would give away what numbers I tend to type, and was pleasantly surprised that whatever coating Apple uses is pretty darn good: no smudges, no fingerprints.)

  • Reply 67 of 83

    Quote:

    Originally Posted by peterm7 View Post



    It's reckless to suggest people call 911 as a game. Even if only a few calls go through because people don't end the calls quickly enough, it's just not okay. Someone with an actual emergency could have service delayed because some geek is trying a hack. Seriously, this is reckless and should be removed from this website. Even if it's on other sites, AppleInsider should have more respect for human life than this.


     


    An excellent point and the reason that I won't try this.


     


    Not sure it shows AI as not having respect for human life - but I have to wonder why AI would give the video creator more attention over a pretty clunky sort of a hack.

  • Reply 68 of 83

    Quote:

    Originally Posted by peterm7 View Post



    It's reckless to suggest people call 911 as a game. Even if only a few calls go through because people don't end the calls quickly enough, it's just not okay. Someone with an actual emergency could have service delayed because some geek is trying a hack. Seriously, this is reckless and should be removed from this website. Even if it's on other sites, AppleInsider should have more respect for human life than this.


    Not sure about elsewhere, but here in the UK its on offence to call 911/999 without good cause.  Better make sure you cancel that call damn quick as I'm pretty sure trying out an iOS exploit is not good cause:-)

  • Reply 69 of 83

    Quote:

    Originally Posted by peterm7 View Post



    It's reckless to suggest people call 911 as a game. Even if only a few calls go through because people don't end the calls quickly enough, it's just not okay. Someone with an actual emergency could have service delayed because some geek is trying a hack. Seriously, this is reckless and should be removed from this website. Even if it's on other sites, AppleInsider should have more respect for human life than this.


     


    It said to try 112 in the video, so I tried it figuring it was just a random junk number that went nowhere.  Found out the hard way the it works in the U.S., same as 911.

  • Reply 70 of 83
    I was able to use this method to open someone else's locked phone on the first try. Hope Apple fixes it soon.
  • Reply 71 of 83
    Another irresponsible post from the Apple insider staff.
  • Reply 72 of 83
    Well the best ain't perfect.
  • Reply 73 of 83
    It's an issue and it will be fixed. Much like typing the file slash slash thing was. The only people this effected were the ones trying it out themselves. Blown out of proportion, yes. Still needs to be addressed, yes. If you care about it that much, don't let anyone you don't trust use your phone. Perfect interim solution.
  • Reply 74 of 83


    A poster on MacRumors for the same story states that if you turn off Simple Passcode, and require more than the 4 numbers, this "exploit" no longer works.

  • Reply 75 of 83
    Just remember that it is illegal to call 911 for any purpose other than to report an emergency. Even if you think you have canceled the call, it could still go through and your phone number and GPS location will be logged. I imagine that if you do this a bunch of times while trying out the hack or demonstrating it to others you could receive an visit from the police. I worry that this hack has the potential to snarl the 911 system and prevent people in real emergency situations from getting through. DON'T DO IT!
  • Reply 76 of 83
    dysamoriadysamoria Posts: 3,430member
    seanie248 wrote: »
    "Ironically, a nearly identical vulnerability reared its ugly head back in October of 2010 "

    Coincidentally, maybe, but Ironically???

    Cant see the irony here....

    Love it when guys find these little bug things out... I always have to think... what made him do those actions in exactly that order to discover the bug? Do these people sit all day just trying random combinations of actions or is there a "method".

    Pretty much. It would be great if Windows news sites reported the endless glitches in Windows that have been there since Win 98 and are still there. Every time I use a feature that not every person on the planet uses, I get punished for it with glitchy behavior. If you have to ask for examples, I'm not going to bother because you clearly don't use Windows from top to bottom. I've watched the difference between average and even power users and myself. I'm dohbg nothing strange but I am using things not everyone regularly. Surprisingly, a lot of junk exists for users that are heavy drag and drop and context menu users. I figured that stuff was common.

    While we're at it, why don't these Mac news sites care to talk about broken features in Mac OS? Have an IMAP mail server that requires a prefix? Use Notes app on Mountain Lion to sync notes on your own IMAP server?

    No one gives a damn.
  • Reply 77 of 83


    Originally Posted by Dontuwish View Post

    A poster on MacRumors for the same story states that if you turn off Simple Passcode, and require more than the 4 numbers, this "exploit" no longer works.


     


    Off-topic, but I've always wanted to allow international keyboards on the non-simple passcode screen.


     


    I know enough of a non-Latin character language that I'd like to make a phrase from it for my passcode, but the OS won't let me use the keyboard I have enabled elsewhere within it. 

  • Reply 78 of 83

    Quote:

    Originally Posted by Gazoobee View Post


     


    IMO it's just shameless the way this has been put forward by the tech press as some kind of giant serious security flaw when it isn't even close to that. 



     


    Okay, I'll bite.


     


    So say that I'm the head of IT security for Home Depot and we have just switch all of our phones for  middle management and such over to the iPhone because we experienced some downtime on Rim/Blackberry's network (Plus seemed to be asleep at the wheel).   I would be disappointed by this news because I was promised an enterprise level security system that was at least on par with Rim's phones.  Instead now I have the potential for my phones to be stolen (even by other employees) and they can read my email.


     


    Now let's change the company and put a major financial company who are using iPhones and some finance guys misplaces his phone that contains lot of sensitive information.


     


    So yes I would see this as a major security flaw and it should be pointed out because Apple has always claimed how they are ready for Enterprise and how their OS is perfect.  If you have the balls to say your are perfect, you better damn well be because if you are not and people find out about it, I will have a hard time feeling that you don't deserve it a little bit.

  • Reply 79 of 83


    Originally Posted by zippy2shoes View Post

    …Apple has always claimed how… …their OS is perfect.


     


    Nah. Try again. This time without trying to counter what you perceive as "fanboyism" with antifanboyism.






    If you have the balls to say your are perfect…



     


    If you have the balls to claim someone says that, you better back it up.

  • Reply 80 of 83
    auxioauxio Posts: 2,755member

    Quote:

    Originally Posted by SolipsismX View Post



    Wow!





     


    It's a joke.  I can almost guarantee that the person who created the video is not the same person who figured this trick out.


     


    More likely, he (or someone he knows) hangs out on iPhone hacking IRC channels (like the ones used by the iPhone dev team members) and somehow overheard (or purchased) this information from someone close to one of the people who does the real hacking.  Those guys are rarely online, let alone spending time making videos of themselves, because they're busy working at figuring hacks like this out (for the purpose of developing them into jailbreaks).


     


    The click money/ad revenue earned from being the first person to post a video of such hacks is worth a lot.  As is the reputation of your site as being "the place to go" to get this information first.  Wouldn't surprise me at all if a fair bit of money changed hands over this.

Sign In or Register to comment.