1. Fausty82's Avatar
    9to5Mac is reporting a "major security flaw" with the lock screen camera access... they claim that if you have a password set, you can bypass the lock screen by opening the camera, going to the camera roll, and gain access to your phone. When I tried it, I could not get to the camera roll because of the passord (I got a screen saying that my phone was locked and that I needed to unlock it to get to the camera roll).

    Can anybody get past their lock screen with this method?

    In iOS 5.1, major security flaw with lock screen camera slider | 9to5Mac | Apple Intelligence
    After some further testing, this IS an issue. There are two settings for locking your phone... the Auto-Lock setting (values of 1, 2, 3, 4, 5 minutes and never) and the Passcode Lock (Immediate, > 1, 5, 15 minutes, > 1, 4 hours). I had my Auto-Lock set to > 1 minute, but the Passcode Lock was set to ON and IMMEDIATE. The flaw does not affect Passcode Lock > Immediate. When I changed the Passcode Lock to > 1 minute, I could bypass the setting and gain full access to my phone without entering the lock code.

    The only way to prevent bypass is to set the Passcode Lock to Immediate.
    03-08-2012 10:22 AM
  2. NoleScream's Avatar
    After some further testing, this IS an issue. There are two settings for locking your phone... the Auto-Lock setting (values of 1, 2, 3, 4, 5 minutes and never) and the Passcode Lock (Immediate, > 1, 5, 15 minutes, > 1, 4 hours). I had my Auto-Lock set to > 1 minute, but the Passcode Lock was set to ON and IMMEDIATE. The flaw does not affect Passcode Lock > Immediate. When I changed the Passcode Lock to > 1 minute, I could bypass the setting and gain full access to my phone without entering the lock code.

    The only way to prevent bypass is to set the Passcode Lock to Immediate.
    How is that an issue? They are two separate settings and work as indicated. It's not a flaw. I like my lock screen time and passcode lock times to be different so that if I need to wake the phone up 30 seconds after I lock it, I don't have to punch in a code (like if I forgot to add a reminder or something). More than that and I want to have to enter the passcode.

    If someone wants immediate lock, then passcode needs to be set to immediate and nothing longer.

    This is not a flaw, it is expected behavior based on the settings.
    03-08-2012 10:37 AM
  3. Fausty82's Avatar
    How is that an issue? They are two separate settings and work as indicated. It's not a flaw. I like my lock screen time and passcode lock times to be different so that if I need to wake the phone up 30 seconds after I lock it, I don't have to punch in a code (like if I forgot to add a reminder or something). More than that and I want to have to enter the passcode.

    If someone wants immediate lock, then passcode needs to be set to immediate and nothing longer.

    This is not a flaw, it is expected behavior based on the settings.
    The issue is NOT the one you describe... that post was meant to explain why I was not able to recreate the security flaw described in the referenced link... (This was not initially clear in the linked article, as the video that shows the flaw was not in the initial article. It has been added to demonstrate the flaw.)

    The issue is that IF the Passcode Lock is NOT set to IMMEDIATE, one can bypass the security lock code via the lockscreen camera access.

    To verify the flaw:

    1. Make sure Passcode Lock is set to something other than IMMEDUATE
    2. Have a passcode lock set
    3. Lock your phone
    4. On the lock screen, slide the CAMERA icon up to open the camera app
    5. Tap on the little icon in the lower left corner of the app to access your Camera Roll
    6. From the Camera Roll app, tap the Home button
    7. You now have full access to your phone without entering the lockscreen code


    THAT, sportsfans, is the security flaw.
    Last edited by Fausty82; 03-08-2012 at 11:08 AM.
    so.long.pre likes this.
    03-08-2012 11:05 AM
  4. Steve28's Avatar
    The issue is NOT the one you describe... that post was meant to explain why I was not able to recreate the security flaw described in the referenced link... (This was not initially clear in the linked article, as the video that shows the flaw was not in the initial article. It has been added to demonstrate the flaw.)

    The issue is that IF the Passcode Lock is NOT set to IMMEDIATE, one can bypass the security lock code via the lockscreen camera access.

    To verify the flaw:

    1. Make sure Passcode Lock is set to something other than IMMEDUATE
    2. Have a passcode lock set
    3. Lock your phone
    4. Wait for longer than the time you set in step 1
    5. On the lock screen, slide the CAMERA icon up to open the camera app
    6. Tap on the little icon in the lower left corner of the app to access your Camera Roll
    7. From the Camera Roll app, tap the Home button
    8. You now have full access to your phone without entering the lockscreen code


    THAT, sportsfans, is the security flaw.
    If you do that extra step I show above, do you still get past the lock screen?
    03-08-2012 11:14 AM
  5. GingerSnapsBack's Avatar
    The issue is NOT the one you describe... that post was meant to explain why I was not able to recreate the security flaw described in the referenced link... (This was not initially clear in the linked article, as the video that shows the flaw was not in the initial article. It has been added to demonstrate the flaw.)

    The issue is that IF the Passcode Lock is NOT set to IMMEDIATE, one can bypass the security lock code via the lockscreen camera access.

    To verify the flaw:

    1. Make sure Passcode Lock is set to something other than IMMEDUATE
    2. Have a passcode lock set
    3. Lock your phone
    4. On the lock screen, slide the CAMERA icon up to open the camera app
    5. Tap on the little icon in the lower left corner of the app to access your Camera Roll
    6. From the Camera Roll app, tap the Home button
    7. You now have full access to your phone without entering the lockscreen code


    THAT, sportsfans, is the security flaw.

    Wow. I tried the steps you said and it worked. My passcode lock was set on immediate and I tried it that way and couldn't get past the lock screen. I changed to one minute and it worked. I bypassed the lock screen completely.
    03-08-2012 11:28 AM
  6. stoneland's Avatar
    That's a pretty big flaw. I never liked having camera access from the lock screen anyway...wish I could get rid of it...
    03-08-2012 11:33 AM
  7. Fausty82's Avatar
    If you do that extra step I show above, do you still get past the lock screen?
    Yes... whether you wait for the duration to pass or lock the screen immediately, either way, you're in.
    03-08-2012 11:34 AM
  8. Steve28's Avatar
    This does not work for me - when I do the steps above, I get taken to a screen that shows a pic of a camera in the middle and it says "Your phone is locked. Unlock your phone to see all of your photos and videos. If I then press the home button, the passcode screen comes up
    03-08-2012 11:51 AM
  9. stoneland's Avatar
    Steve28, is your time set to "Immediately"? That is what mine is set to and it does not work. I think people are saying if it's set to anything other than "Immediately" you can access your device without unlocking.

    I don't know if this is really a security flaw. It's a flaw, sure, but if you have your time set to something like 1 minute doesn't it make sense that it won't ask you for the passcode because the time hasn't passed?
    03-08-2012 11:55 AM
  10. gwhelan's Avatar
    Photo stream delete only deletes the photo from the stream on that device ? Better than none but would like to delete from all devices


    Sent Into Orbit from my iPhone 4S using Tapatalk
    It will delete from all devices if the picture was taken after installing IOS 5.1. Previous pictures only delete as per the device they are on.
    03-08-2012 11:56 AM
  11. dmt316's Avatar
    So I was on the beta 5.1 and I downloaded the GM 5.1 ipsw from one of the sites and reloaded my phone. I dont have the new camera on the lock screen and my phone says im on build 9B5141a. I tried to resotore my phone again but i was not able to, I kept getting the your phone is not elidgeble for the req file error. I tried it on 2 diffrent computers. Any ideas??
    03-08-2012 11:57 AM
  12. applehead79's Avatar
    I wonder how long this iMessage deal will go on for....
    03-08-2012 12:00 PM
  13. LyndaP's Avatar
    I'm plugged into the computer and can't get past the "Connecting to Server" message.
    03-08-2012 12:06 PM
  14. ladyc0524's Avatar
    I had this same issue yesterday, but realized the problem after reading in another thread that it was due to my jailbreak..so I just plugged it in and updated. Not really concerned about losing the jailbreak either
    03-08-2012 12:14 PM
  15. hellomiggy's Avatar
    Download from here iPhone, iPod, iPad and Firmware/Software Download It will be on there, just look for your device. Once it is done downloading, On Mac, you hold down Option + Update/Restore. On Windows, hold down Shift + Update/Restore. Since it's an Update, Click Update haha.
    03-08-2012 12:16 PM
  16. GingerSnapsBack's Avatar
    I wonder how long this iMessage deal will go on for....
    Mine works fine. I've iMessaged several people and have had no problems. Turn your iMessage off, wait a few minutes then turn it on. See if that fixes it.
    tluv004 likes this.
    03-08-2012 12:22 PM
  17. Fausty82's Avatar
    If you do that extra step I show above, do you still get past the lock screen?
    After your post, I started thinking that you may be right... that the timer is now involved... but my still bypassed the lockscreen... so I tested on my wife's iPhone 4 and you must wait for the timer (in her case, 1 minute) to elapse before it required the password... AS SHOULD BE EXPECTED.

    So I did a hard reset on my iPhone 4S and now it, too will only bypass the lockscreen until the timer expires...

    whew... after all of that, I'd have to agree that this is "working as designed".
    03-08-2012 12:24 PM
  18. Fausty82's Avatar
    Steve28, is your time set to "Immediately"? That is what mine is set to and it does not work. I think people are saying if it's set to anything other than "Immediately" you can access your device without unlocking.

    I don't know if this is really a security flaw. It's a flaw, sure, but if you have your time set to something like 1 minute doesn't it make sense that it won't ask you for the passcode because the time hasn't passed?
    After testing, I have to agree, that there is NO security flaw... if you set it to IMMEDIATELY, it's, well, immediate. If you set it to some other value, there us a timer involved before you are required to enter the password - exactly as one would expect. Steve28 is correct.
    03-08-2012 12:26 PM
  19. Steve28's Avatar
    Steve28, is your time set to "Immediately"? That is what mine is set to and it does not work. I think people are saying if it's set to anything other than "Immediately" you can access your device without unlocking.

    I don't know if this is really a security flaw. It's a flaw, sure, but if you have your time set to something like 1 minute doesn't it make sense that it won't ask you for the passcode because the time hasn't passed?
    Auto-Lock = 2 min.
    Passcode Lock = 15 min.

    With these settings, I cannot get access without entering the passcode (as long as it's been at least 15 min since I locked the phone)
    03-08-2012 12:27 PM
  20. Steve28's Avatar
    I'm plugged into the computer and can't get past the "Connecting to Server" message.
    They mean - update through iTunes
    03-08-2012 12:31 PM
  21. xandermac's Avatar
    Set password required after 1 minute. Waited the one minute and tried to gain access thru the camera app. No access granted. Works perfectly fine.

    Dictation still doesn't work properly though. Screen stays on when the phone is raised to my ear. Can anyone replicate this?


    Sent from my iPhone4s using Tapatalk
    03-08-2012 12:33 PM
  22. Garz's Avatar
    I have seen a few people on Twitter on the regular 4 say they had this problem. Not JB and they tried both OTA and via iTunes on pc and or Mac. Not sure what the cause of this is. Both of my 4S's updated fine first try via iTunes on Mac. Never tried OTA.
    03-08-2012 12:34 PM
  23. jeans94621's Avatar
    Steve28, is your time set to "Immediately"? That is what mine is set to and it does not work. I think people are saying if it's set to anything other than "Immediately" you can access your device without unlocking.

    I don't know if this is really a security flaw. It's a flaw, sure, but if you have your time set to something like 1 minute doesn't it make sense that it won't ask you for the passcode because the time hasn't passed?
    This was happening on my iPod touch and not my iPhone 4 but I rebooted my iPod and it works fine now. When you go into the camera app you cannot go further without your unlock code. I have tried all settings from 1minutes to never.
    03-08-2012 12:44 PM
  24. Chris B 1364's Avatar
    I'm having the same problem..... I've tried both way on my iPhone 4s and my wife's 4 with no luck at all.... and my iPad 1 and 2 won't update either.... At a lost on this
    03-08-2012 12:52 PM
  25. rewNATION's Avatar
    OTA hardly ever works for me. It just checks for about a solid minute then a message pops up that reads "unable to check for update, an error occured while checking for a software update". Am I supposed to be connected to wi-fi just to check for the update? I'd like to do this OTA because my internet at home is so slow and 5.0.1 took almost 2 hours.
    03-08-2012 12:55 PM
245 ... 34567 ...
LINK TO POST COPIED TO CLIPBOARD