Complex iOS 12 passcode bypasses grant access to iPhone Contacts and Photos

2»

Comments

  • Reply 21 of 24
    Rayz2016Rayz2016 Posts: 6,957member
    Rayz2016 said:
    Soli said:
    I don't get how this same type of bug is still common with iOS after all these years.
    These are pretty obscure cases, so I’m more impressed he was able to find them – though “access Siri when the phone is locked” is a good starting point.

     I think the only thing Siri should do with a locked phone is play music, nothing else.
    Maybe also call an emergency number? You never know when that might come in handy, and when it does you’ll be happy it was there.
    Yeah, that’s true. 
  • Reply 22 of 24
    Rayz2016Rayz2016 Posts: 6,957member
    microbe said:
    Such a complex sequence of actions that let you into any iPhone. Gee. Almost seems like some sort of an intended hard to find “key” that could have been designed into the system to allow, well, maybe governments to get into phones they have been screaming for access to? After all, what’s more important to a company than access to profits which a government could hinder by placing, let’s say, tariffs on imports of their products as one example.
    🙄
    Soli
  • Reply 23 of 24
    nhtnht Posts: 4,522member
    bulk001 said:
    I’m now frightened. /s
    The whole world doesn’t revolve around you. For people living under oppressive regimes, journalists, people working for NGO’s, diplomats, business people traveling abroad etc. this can be a legitimate security concern. If theses were issues on an Android device you would no doubt be howling about it ... 😀
    Obligatory xkcd


  • Reply 24 of 24
    gatorguygatorguy Posts: 24,176member
    bulk001 said:
    I’m now frightened. /s
    The whole world doesn’t revolve around you. For people living under oppressive regimes, journalists, people working for NGO’s, diplomats, business people traveling abroad etc. this can be a legitimate security concern. If theses were issues on an Android device you would no doubt be howling about it ... ߘবt;/div>
    They should not have any function accessible from the locked screen, without typing in a passcode. Period!

    "If theses were issues on an Android device you would no doubt be howling about it ... ߘবt;/span>"
    Given the fact that the majority of Android phones have removable SD cards for memory, not encrypted storage and no secure enclave to store highly sensitive data, you should not be bringing up this remark at all...
    Most Android phones in use probably DON'T have removable storage aka SD cards altho proving the percentage with and without is impossible as far as I can tell.  In any event many old ones never had removable storage in the first place and SD card slots have become increasingly rarer since 2015. Why that year? Mandatory encryption was enacted under Android 6.x Marshmallow. Devices running 6.x and newer currently comprise roughly 70% of those handsets in active use. Add to that companies understanding that they were leaving profit on the table by not forcing users to choose a storage tier when they bought their phones and IMHO most users erring on the side of too much. As an example of how little we might actually need my current daily driver only has 32GB built in and no SD. Because I use cloud photo storage along with Google Drive I still have 45% of that free, and that's with 102 installed apps. 

    So back to the security discussion: Are you truly concerned about who has access to your personal information and wish to be the one in command of it rather than any third party? Even Apple has bent over when push comes to shove in protecting their business interests. See China. 

    Get behind Tim Berners-Lee's Solid efforts, a standard for controlling how, where and why your privacy is shared using the existing internet structure. You have 100% control of your personal data.
    Read how it works here:
    https://solid.inrupt.com/how-it-works

    His announcement of it from this weekend follows:

    "Solid is a platform, built using the existing web. It gives every user a choice about where data is stored, which specific people and groups can access select elements, and which apps you use. It allows you, your family and colleagues, to link and share data with anyone. It allows people to look at the same data with different apps at the same time.

    It is going to take a lot of effort to build the new Solid platform and drive broad adoption but I think we have enough energy to take the world to a new tipping point.

    So I have taken a sabbatical from MIT, reduced my day-to-day involvement with the World Wide Web Consortium (W3C) and founded a company called inrupt where I will be guiding the next stage of the web in a very direct way. Inrupt will be the infrastructure allowing Solid to flourish. Its mission is to provide commercial energy and an ecosystem to help protect the integrity and quality of the new web built on Solid."


    edited October 2018
Sign In or Register to comment.