Want to highlight a helpful answer? Upvote!

Did someone help you, or did an answer or User Tip resolve your issue? Upvote by selecting the upvote arrow. Your feedback helps others! Learn more about when to upvote >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: Axel_87
Axel_87 Author
User level: Level 1
0 points

Security vulnerability in iOS 5 Lockscreen

Hello Community,


I found out a serious security-vulnerability in iOS 5. You can unlock the iPhone without having to enter a passcode by using the camera-shortcut in the lockscreen. Here´s the way to reproduce the problem:


  1. Make sure the iPhone is secured with an password/passcode and is locked
  2. Doubletap the homebutton and use the camera-shortcut
  3. Swipe to the right to bring up the recently taken photos
  4. Press the homebutton
  5. You now should be taken directly to the homescreen without having to enter the passcode


I can`t repreoduce the problem every time I try it, but it works in about 6/10 cases. I´m using the iPhone 4S w. iOS5


I hope you`ll read this and report it to apple.


Axel

iPhone 4S, iOS 5

Posted on Oct 31, 2011 10:47 AM

Reply
15 replies
User profile for user: William Rivas
William Rivas
User level: Level 5
4,287 points

Oct 31, 2011 12:11 PM in response to Axel_87

Axel_87 wrote:


Hello Community,


I found out a serious security-vulnerability in iOS 5. You can unlock the iPhone without having to enter a passcode by using the camera-shortcut in the lockscreen. Here´s the way to reproduce the problem:


  1. Make sure the iPhone is secured with an password/passcode and is locked
  2. Doubletap the homebutton and use the camera-shortcut
  3. Swipe to the right to bring up the recently taken photos
  4. Press the homebutton
  5. You now should be taken directly to the homescreen without having to enter the passcode


I can`t repreoduce the problem every time I try it, but it works in about 6/10 cases. I´m using the iPhone 4S w. iOS5


I hope you`ll read this and report it to apple.


Axel

Tried it. Doesn't work. You may want to do a hard reset to see if something is not right. Tried both immediate and 1 minute. No success.


User uploaded file

Reply
User profile for user: mollib
mollib
User level: Level 2
491 points

Oct 31, 2011 12:19 PM in response to Axel_87

So I can duplicate this using the settings you're using: Require passcode 15 minutes, auto-lock 5. Although I don't think auto-lock has anything to do with it.


If you're requiring the passcode not be active until 15 minutes have passed, then anytime before that 15 minutes, I think you'll be able to follow the steps you outlined and get into the phone. Isn't that right? I'd say that's not a bug but design.


Or is my logic off somewhere?


When I set require passcode to Immediate, it doesn't work and my phone remains locked.

Reply
User profile for user: ernieUK
ernieUK
User level: Level 1
0 points

Mar 18, 2012 8:16 AM in response to Axel_87

I had this issue but it seems to work like this for me.


I have passcode required set to 1 minute. If I let it lock with time inactive the above procedure still sees the phone ask for a passcode and therefore seems secure but....


if I lock the phone manually with the power button and wake it via the home button or power button it will be at the lock screen asking for me to slide to unlock or offering the camera, as we know. If I slide to unlock it requires the passcode. If, however, I don't slide to unlock but open the camera and then hit home (as discussed above) the phone opens with NO passcode.


I do see this as a bug as the phone seems to be passcode locked but isn't. Passcode times are always going to be a compromise between security and convenience I find 1 minute a reasonable compromise.


Hope this helps

Reply

Security vulnerability in iOS 5 Lockscreen

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up