iOS 5.1 Bugs/Issues/Findings

Toggle sidebar Toggle sidebar
Fausty82

Fausty82

Well-known member
Jun 23, 2010
8,484
286
0
Visit site
Fausty82 said:
9to5Mac is reporting a "major security flaw" with the lock screen camera access... they claim that if you have a password set, you can bypass the lock screen by opening the camera, going to the camera roll, and gain access to your phone. When I tried it, I could not get to the camera roll because of the passord (I got a screen saying that my phone was locked and that I needed to unlock it to get to the camera roll).

Can anybody get past their lock screen with this method?

In iOS 5.1, major security flaw with lock screen camera slider | 9to5Mac | Apple Intelligence
Click to expand...

After some further testing, this IS an issue. There are two settings for locking your phone... the Auto-Lock setting (values of 1, 2, 3, 4, 5 minutes and never) and the Passcode Lock (Immediate, > 1, 5, 15 minutes, > 1, 4 hours). I had my Auto-Lock set to > 1 minute, but the Passcode Lock was set to ON and IMMEDIATE. The flaw does not affect Passcode Lock > Immediate. When I changed the Passcode Lock to > 1 minute, I could bypass the setting and gain full access to my phone without entering the lock code.

The only way to prevent bypass is to set the Passcode Lock to Immediate.
 
NoleScream

NoleScream

Well-known member
Oct 13, 2011
178
11
0
Visit site
Fausty82 said:
After some further testing, this IS an issue. There are two settings for locking your phone... the Auto-Lock setting (values of 1, 2, 3, 4, 5 minutes and never) and the Passcode Lock (Immediate, > 1, 5, 15 minutes, > 1, 4 hours). I had my Auto-Lock set to > 1 minute, but the Passcode Lock was set to ON and IMMEDIATE. The flaw does not affect Passcode Lock > Immediate. When I changed the Passcode Lock to > 1 minute, I could bypass the setting and gain full access to my phone without entering the lock code.

The only way to prevent bypass is to set the Passcode Lock to Immediate.
Click to expand...

How is that an issue? They are two separate settings and work as indicated. It's not a flaw. I like my lock screen time and passcode lock times to be different so that if I need to wake the phone up 30 seconds after I lock it, I don't have to punch in a code (like if I forgot to add a reminder or something). More than that and I want to have to enter the passcode.

If someone wants immediate lock, then passcode needs to be set to immediate and nothing longer.

This is not a flaw, it is expected behavior based on the settings.
 
Fausty82

Fausty82

Well-known member
Jun 23, 2010
8,484
286
0
Visit site
NoleScream said:
How is that an issue? They are two separate settings and work as indicated. It's not a flaw. I like my lock screen time and passcode lock times to be different so that if I need to wake the phone up 30 seconds after I lock it, I don't have to punch in a code (like if I forgot to add a reminder or something). More than that and I want to have to enter the passcode.

If someone wants immediate lock, then passcode needs to be set to immediate and nothing longer.

This is not a flaw, it is expected behavior based on the settings.
Click to expand...

The issue is NOT the one you describe... that post was meant to explain why I was not able to recreate the security flaw described in the referenced link... (This was not initially clear in the linked article, as the video that shows the flaw was not in the initial article. It has been added to demonstrate the flaw.)

The issue is that IF the Passcode Lock is NOT set to IMMEDIATE, one can bypass the security lock code via the lockscreen camera access.

To verify the flaw:

  1. Make sure Passcode Lock is set to something other than IMMEDUATE
  2. Have a passcode lock set
  3. Lock your phone
  4. On the lock screen, slide the CAMERA icon up to open the camera app
  5. Tap on the little icon in the lower left corner of the app to access your Camera Roll
  6. From the Camera Roll app, tap the Home button
  7. You now have full access to your phone without entering the lockscreen code

THAT, sportsfans, is the security flaw.
 
Last edited:
  • Like
Reactions: so.long.pre
S

Steve28

Well-known member
Jun 26, 2011
91
15
0
Visit site
Fausty82 said:
The issue is NOT the one you describe... that post was meant to explain why I was not able to recreate the security flaw described in the referenced link... (This was not initially clear in the linked article, as the video that shows the flaw was not in the initial article. It has been added to demonstrate the flaw.)

The issue is that IF the Passcode Lock is NOT set to IMMEDIATE, one can bypass the security lock code via the lockscreen camera access.

To verify the flaw:

  1. Make sure Passcode Lock is set to something other than IMMEDUATE
  2. Have a passcode lock set
  3. Lock your phone
  4. Wait for longer than the time you set in step 1
  5. On the lock screen, slide the CAMERA icon up to open the camera app
  6. Tap on the little icon in the lower left corner of the app to access your Camera Roll
  7. From the Camera Roll app, tap the Home button
  8. You now have full access to your phone without entering the lockscreen code

THAT, sportsfans, is the security flaw.
Click to expand...

If you do that extra step I show above, do you still get past the lock screen?
 
GingerSnapsBack

GingerSnapsBack

Well-known member
Oct 18, 2011
1,926
33
0
Visit site
Fausty82 said:
The issue is NOT the one you describe... that post was meant to explain why I was not able to recreate the security flaw described in the referenced link... (This was not initially clear in the linked article, as the video that shows the flaw was not in the initial article. It has been added to demonstrate the flaw.)

The issue is that IF the Passcode Lock is NOT set to IMMEDIATE, one can bypass the security lock code via the lockscreen camera access.

To verify the flaw:

  1. Make sure Passcode Lock is set to something other than IMMEDUATE
  2. Have a passcode lock set
  3. Lock your phone
  4. On the lock screen, slide the CAMERA icon up to open the camera app
  5. Tap on the little icon in the lower left corner of the app to access your Camera Roll
  6. From the Camera Roll app, tap the Home button
  7. You now have full access to your phone without entering the lockscreen code

THAT, sportsfans, is the security flaw.
Click to expand...


Wow. I tried the steps you said and it worked. My passcode lock was set on immediate and I tried it that way and couldn't get past the lock screen. I changed to one minute and it worked. I bypassed the lock screen completely.
 
stoneland

stoneland

Well-known member
Jan 10, 2011
214
5
0
Visit site
That's a pretty big flaw. I never liked having camera access from the lock screen anyway...wish I could get rid of it...
 
S

Steve28

Well-known member
Jun 26, 2011
91
15
0
Visit site
This does not work for me - when I do the steps above, I get taken to a screen that shows a pic of a camera in the middle and it says "Your phone is locked. Unlock your phone to see all of your photos and videos. If I then press the home button, the passcode screen comes up
 
stoneland

stoneland

Well-known member
Jan 10, 2011
214
5
0
Visit site
Steve28, is your time set to "Immediately"? That is what mine is set to and it does not work. I think people are saying if it's set to anything other than "Immediately" you can access your device without unlocking.

I don't know if this is really a security flaw. It's a flaw, sure, but if you have your time set to something like 1 minute doesn't it make sense that it won't ask you for the passcode because the time hasn't passed? :confused:
 
G

gwhelan

New member
Feb 10, 2011
2
0
0
Visit site
Peligro911 said:
Photo stream delete only deletes the photo from the stream on that device ? Better than none but would like to delete from all devices


Sent Into Orbit from my iPhone 4S using Tapatalk
Click to expand...

It will delete from all devices if the picture was taken after installing IOS 5.1. Previous pictures only delete as per the device they are on.
 
dmt316

dmt316

Well-known member
Apr 26, 2011
497
9
0
Visit site
So I was on the beta 5.1 and I downloaded the GM 5.1 ipsw from one of the sites and reloaded my phone. I dont have the new camera on the lock screen and my phone says im on build 9B5141a. I tried to resotore my phone again but i was not able to, I kept getting the your phone is not elidgeble for the req file error. I tried it on 2 diffrent computers. Any ideas??
 
ladyc0524

ladyc0524

Trusted Member
Dec 8, 2010
7,381
8
38
Visit site
I had this same issue yesterday, but realized the problem after reading in another thread that it was due to my jailbreak..so I just plugged it in and updated. Not really concerned about losing the jailbreak either
 
Fausty82

Fausty82

Well-known member
Jun 23, 2010
8,484
286
0
Visit site
Steve28 said:
If you do that extra step I show above, do you still get past the lock screen?
Click to expand...

After your post, I started thinking that you may be right... that the timer is now involved... but my still bypassed the lockscreen... so I tested on my wife's iPhone 4 and you must wait for the timer (in her case, 1 minute) to elapse before it required the password... AS SHOULD BE EXPECTED.

So I did a hard reset on my iPhone 4S and now it, too will only bypass the lockscreen until the timer expires...

whew... after all of that, I'd have to agree that this is "working as designed".
 
Fausty82

Fausty82

Well-known member
Jun 23, 2010
8,484
286
0
Visit site
stoneland said:
Steve28, is your time set to "Immediately"? That is what mine is set to and it does not work. I think people are saying if it's set to anything other than "Immediately" you can access your device without unlocking.

I don't know if this is really a security flaw. It's a flaw, sure, but if you have your time set to something like 1 minute doesn't it make sense that it won't ask you for the passcode because the time hasn't passed? :confused:
Click to expand...

After testing, I have to agree, that there is NO security flaw... if you set it to IMMEDIATELY, it's, well, immediate. If you set it to some other value, there us a timer involved before you are required to enter the password - exactly as one would expect. Steve28 is correct.
 
S

Steve28

Well-known member
Jun 26, 2011
91
15
0
Visit site
stoneland said:
Steve28, is your time set to "Immediately"? That is what mine is set to and it does not work. I think people are saying if it's set to anything other than "Immediately" you can access your device without unlocking.

I don't know if this is really a security flaw. It's a flaw, sure, but if you have your time set to something like 1 minute doesn't it make sense that it won't ask you for the passcode because the time hasn't passed? :confused:
Click to expand...

Auto-Lock = 2 min.
Passcode Lock = 15 min.

With these settings, I cannot get access without entering the passcode (as long as it's been at least 15 min since I locked the phone)
 
You must log in or register to reply here.

Similar threads

iMore.com
macOS Sonoma 14.4.1 rolling out to fix USB hub issues and other bugs on your Mac
Replies
0
Views
97
iMore.com News Discussion & Contests
iMore.com
iMore.com
gjh1978
iOS 17.4/17.4.1 (both versions) bug
Replies
12
Views
612
iOS
gjh1978
gjh1978
iMore.com
Apple issues fix for Palestinian flag controversy in iOS 17.5
Replies
1
Views
50
iMore.com News Discussion & Contests
simonmann
S
iMore.com
VisionOS 1.1 beta 4 update brings your digital objects closer to your face and fixes loads of bugs
Replies
0
Views
96
iMore.com News Discussion & Contests
iMore.com
iMore.com
iMore.com
The iMore Show Podcast — Episode 867: iOS 18 paused to fix some big bugs
Replies
0
Views
311
iMore.com News Discussion & Contests
iMore.com
iMore.com

Latest posts

Trending Posts

Members online

Total: 619 (members: 3, guests: 616)

Forum statistics

Threads
260,343
Messages
1,766,488
Members
441,237
Latest member
Tomwex73

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom