iOS 9 security flaw grants unrestricted access to Photos and Contacts


Comments

  • Reply 41 of 59
    tenly Posts: 707 member
    That's not a law everywhere. For those places that it is, I can't imagine that it's not up for appeal. What is their justification for demanding you to unlock your device?! Wouldn't they need a warrant?

    But in any case, it might be smart to use an uncommon finger - maybe a pinky - and simply tell the officer that Touch ID is not enabled.
  • Reply 42 of 59
        Quote:
        Originally Posted by krreagan View Post

            Quote:
            Originally Posted by plovell View Post

                Quote:
                Originally Posted by gordon1420 View Post

                    Quote:
                    Originally Posted by Chez Whitey View Post

                    I'd erase my iPhone within minutes of being stolen

                If I'm stealing your iPhone, I'm putting it in airplane mode within seconds. I'm pretty sure I can do that a lot quicker than you can find another device, log in, and initiate remote wipe.

            But the exploit requires Siri and that requires network. Siri can't work in Airplane Mode.

        You can still enable WiFi while in airplane mode...

    That's true. But as soon as you enable WiFi the "lock" signal will be delivered. The exploit requires Siri - either cellular or WiFi - and the lost-mode-activation will be delivered as soon as networking is enabled - either cellular or WiFi. Airplane Mode with WiFi enabled isn't 100% genuine "Airplane Mode".

  • Reply 43 of 59

    "Unfortunately, iOS is no stranger to lock screen bypass bugs, as evidenced by iOS 7, iOS 6 and iOS 4."

     

    It would be nice if during the public betas this would be discovered but the problem here is that this is not a lock screen as the name would imply.

     

    The screen needs to:

    -Allow 911 calls

    -Allow notifications (reminders, passbook, etc)

    -Respond to Siri (if enabled)

    -Answer phone calls and facetime

    -Play audio

    -Allow navigation apps (google/apple maps, etc)

    -Allow Apple pay

    -Allow Photos app

    -Allow control center

  • Reply 44 of 59
    Apple really needs to step up their game because the days of Apple devices are the most secure are starting to haunt them. The fact that they are aware of these threats (admitting it or not until well after the fact) is very troubling to me considering all the users' personal information they have stored raises the threat for hackers (not the FBI or other Government agencies) to get what would be a treasure trove of data that hackers could profit vastly off of by selling it to criminal organizations.

    It's just a matter of time before it happens and when it does I can only imagine how Google & Microsoft will be laughing and saying "And you thought you were the exception to rule"

    Really need to plug these holes faster, and invest a lot more in security too...
  • Reply 45 of 59
    crowley Posts: 5,799 member
    krreagan wrote: »
    Why do people still have 4-6 digit codes if they have important data on their phones? that's just dumb!

    I have a 10 alphanumeric code that I only have to use after a reboot... otherwise it's touch ID! This is much faster! and more secure than a 4-6 digit code...

    ... Still needs fixing!
    I have the same, but I wish Apple would allow TouchId after a reboot too. I have to input that 16 character password way more than I'd like. I'm not sure that the reboot rule adds any substantive security.
  • Reply 46 of 59
    Quote:

    Originally Posted by jbishop1039 View Post



    I tend to keep everything disabled from the lock screen, especially Control Center & Siri. No access to airplane mode or anything. Better safe than sorry I guess.

     

    Nice. It would be cool if you could choose what you had in Control Center, as I never use Airplane Mode, but I use the flashlight all. the. time.

  • Reply 47 of 59

    Yet another lock screen bug. It's nothing new and nothing to really panic over IMO.

     

    Even though this one likely affects more devices, I bet it will be used in the wild about as much as the latest Android lock screen bug:

     

    Quote:
    Originally Posted by revenant View Post

     

    they should switch quick, the malware and "professional security" of android is once again under threat.

     

    http://www.engadget.com/2015/09/16/android-lock-screen-bypass-flaw/

     


     

    That is to say almost no one will actually have this happen to them.

     

    I'm betting Apple will have a patch out soon enough.

  • Reply 48 of 59
    jfc1138 Posts: 3,090 member
    Quote:

    Originally Posted by stalfos View Post



    Why the hell are people still using 4 or 6 digit PINs?



    Same reasoning behind having simple tumbler locks on their doors or no fire suppression system in their kitchen : a perception the individual threat is low or nonexistent.

  • Reply 49 of 59

    Quote:


    Originally Posted by cornchip View Post

     

     

    Nice. It would be cool if you could choose what you had in Control Center, as I never use Airplane Mode, but I use the flashlight all. the. time.


    Totally agree. I've been wanting a customizable Control Centre for awhile now. Also, dynamic icons, like Clock and Calendar, would be nice. Seeing a quick glance of the current temperature on the Weather app would be neat. I guess we will have to wait and see.

  • Reply 50 of 59
    tenly wrote: »
    Even with all of the dumb things people say on here every day, your statement is in contention for one of the dumbest. It's bull. If this is for real (and not a fake video), it's clearly a bug which Apple should - and will - fix!

    Not everyone has something to hide, or sensitive information stored on their device. Many people still do not use any password at all...but for those that do - as long as they understand the implications of the passcode, it's a valid choice for them to use the simple passcode if, in their opinion it provides "enough" protection for them. Perhaps they protect their phone as well as they protect their wallet and they are comfortable with the risk that *IF* their phone is lost or stolen, it could be compromised easily. That's their choice to make!!! For some people the only risk in losing their phone is that someone could make long distance calls on it! For someone truly worried about privacy and security, they should absolutely use a longer, complex passcode - but just because somebody opts for a lower level of security does not at all make them DESERVING to be susceptible to a bug in their OS code.
    You should stop your stupid ass defense if you also use 4-digit PIN. You people are probably those who use "Password" or "123456" as computer passwords. Sure, absolutely deserve it. Apple will fix this minor thing. However, no one can protect the stupid.
  • Reply 51 of 59
    If anyone uses Touch ID to open their phone/iPad they put themselves in legal jeopardy. According to the law, you cannot be "forced" to provide your password to law enforcement, but you can be forced to use your fingerprint. If you want your privacy and property protected, use a password and restrict Touch ID to Apple Pay.
    Stop the crap. If you are not guilty of anything, why care about cops asking for phone access? I showed cops my txt before to prove innocent when my Ex accused me of threatening her. Big deal.
  • Reply 52 of 59
    Quote:

    Originally Posted by fallenjt View Post

     
    Quote:

    Originally Posted by SpamSandwich View Post



    If anyone uses Touch ID to open their phone/iPad they put themselves in legal jeopardy. According to the law, you cannot be "forced" to provide your password to law enforcement, but you can be forced to use your fingerprint. If you want your privacy and property protected, use a password and restrict Touch ID to Apple Pay.


    Stop the crap. If you are not guilty of anything, why care about cops asking for phone access? I showed cops my txt before to prove innocent when my Ex accused me of threatening her. Big deal.

    Because some people want to have a right to privacy and the right to not self incriminate.

     

    In the personal example you used the burden of proof should be on your ex and the police. You are innocent until proven guilty. If you know you are innocent, then you should tell them "prove it, I know my rights as an American citizen." If she said that you sent threatening texts she should have to provide that evidence from her phone. Not yours.

     

    The "if you are not guilty/have nothing to hide" argument is a scary and slippery slope. I do not want to live in a police state with no rights.

  • Reply 53 of 59
    Quote:

    Originally Posted by aikoku View Post



    I can't believe that appleinsider didn't check this video before posting it on here. Don't you guys see that when he pushes down the home button to call Siri, the iPhone was unlocked by Touch ID???

    I saw this video days before, and can't believe that this fake video can make appleinsider.

     

    Read the article...

     

     AppleInsider independently confirmed the bypass' validity in a series of tests.

  • Reply 54 of 59
    jbdragon wrote: »
    If your phone is stolen, this trick can be used to unlock your phone and wipe it and sell as a used phone for a whole lot more money than as a locked out phone that is almost worthless except for parting it out. Making iPhones a target once again.
    Incorrect, with find my iPhone enabled, you need to successfully authenticate with your appleID to disable the feature before wiping the phone. If you wipe it with find my iPhone enabled it will prompt for the appleID & password before completing setup.
  • Reply 55 of 59
    If you have a concern about your address book data, try an App called – ContactShield which encrypts your address book in such a way that banks encrypt their data. A secure and robust App that protects my Address Book on iPhone, iPad, iCloud, Google and exchange; Although the flaw lets a stranger access your address book, he will not be able to use this data!
  • Reply 56 of 59
    tenly Posts: 707 member
    fallenjt wrote: »
    You should stop your stupid ass defense if you also use 4-digit PIN. You people are probably those who use "Password" or "123456" as computer passwords. Sure, absolutely deserve it. Apple will fix this minor thing. However, no one can protect the stupid.
    You should stop your arrogant trolling! So - in your mind, anyone with a weaker password than yours "deserves" to be the victim of a software bug? Do you not realize that is a real a**hole thing to say? By your logic, if I have a complex, 64 character code containing numbers, mixed case, special characters and no repeating characters or words from the dictionary and your password is weaker than mine..then I am perfectly justified in believing that you deserve to lose your data - due to the security software not functioning properly!

    When the security system is working properly - a 4-digit passcode does offer a certain level of security - and regardless of what you think, it's more than enough for many people - especially since it's strictly a second level of defense anyhow! Someone couldn't at as easily say that If you're so careless/clumsy that you let others have unsupervised access to your phone - you deserve to have your informations stolen!

    If a 4-digit numeric PIN is good enough for a persons credit card, what makes it so unsuitable for their phone? Many people don't have sensitive data stored on their phone - and look after their phones like they would a credit card - so if the phone were stolen and the thief cracked their 1234 passcode - the thief would be extremely disappointed in what they found! I obviously understand security and privacy much better than you do - including being able to distinguish data that needs protecting from data that doesn't! I use a 4-digit passcode on my phone because a) the phone is never out of my possession and b) if I was mugged and forced to turn over the phone, there is nothing stored on it that I would care about the thief gaining access to! It would be a waste of his time to do anything other than strip it for parts! My laptop on the other hand contains a lot of sensitive information and business intellectual property on it and therefore the entire laptop is encrypted and requires a dongle AND a highly complex password to log in. All of my business plans banking passwords are highly complex and changed every 30 days! My AppleInsider password, FaceBook and Twitter passwords are not. They're simple and I only change them every 6 months - because I have no sensitive data stored there.

    This long reply is for the benefit of those that don't realize you're just a rude, judgemental troll with a superiority complex. Instead of being a jerk and telling people that they deserve bad things to happen to them if they don't understand security, you could have used your post to try to educate them on security best practices - but then of course someone would have had to educate *you* first - starting with being able to tell the difference between data that might need protecting and data that might not.

    And completely apart from the topic of less-secure vs more-secure passwords - NOBODY "deserves" to have their privacy and security compromised by a malfunctioning security system.
  • Reply 57 of 59
    Which means it's on a network and can be remotely erased
    ...and that was my point!
  • Reply 58 of 59
    fallenjt wrote: »
    Stop the crap. If you are not guilty of anything, why care about cops asking for phone access? I showed cops my txt before to prove innocent when my Ex accused me of threatening her. Big deal.

    You're lucky. Try reading "Three Felonies a Day".
  • Reply 59 of 59
    aikoku said:
    Don't you know that this guy lied to us? His finger tapped the home button and then the iPhone was unlocked before Siri. If u use non touch id finger to do that, I guarantee that u can't bypass
    I bypassed both alphanumeric and fingerprint. I use my thumb to get in my phone normally. But if you tap the on off button on the right side and hold the home button down with a knuckle to bring out Siri just ask her to open photos and your pics pop up then hit the home button again and you're in. I've opened about 15 phones so far. Now it may not do it all the time but I'd say 8/10 times it works. Most secure phone my ass.
    edited January 2016