Flaw in latest iOS 10.x versions allows anyone to access your photos, contacts

Welcome to our Community
Wanting to join the rest of our members? Feel free to sign up today.
Sign up

Rafagon

Genius
Gold
Dec 7, 2011
7,566
1,252
113
44
Miami, Florida
#1
Redmond Pie reports on this disturbing flaw that allows anyone to see all your photos (yes, including those rather dirty ones starring you, Erika and Melinda in the break room that one night) and contacts without having to unlock your iPhone:

“… we were shown a video of an iPhone running the latest iOS 10.2 being tricked into giving someone access to the Camera Roll and Contacts app all whilst remaining locked, we took notice. The 4 minute video demonstrates how exactly anyone, I repeat, anyone can access your locked iPhone without having to deal with the passcode.”

iDeviceHelp’s Miguel demonstrates the shockingly simple security hole in this video:


Looks like Apple needs to put out yet another iOS 10.1.1 rather soon.
 

RoofMonkey

Genius
Gold
Jun 21, 2010
8,856
2,047
113
Florida
#2
Since 10.2 is still in beta, maybe they will kill this exploit before it's GM ?

Redmond Pie reports on this disturbing flaw that allows anyone to see all your photos (yes, including those rather dirty ones starring you, Erika and Melinda in the break room that one night) and contacts without having to unlock your iPhone:

“… we were shown a video of an iPhone running the latest iOS 10.2 being tricked into giving someone access to the Camera Roll and Contacts app all whilst remaining locked, we took notice. The 4 minute video demonstrates how exactly anyone, I repeat, anyone can access your locked iPhone without having to deal with the passcode.”

iDeviceHelp’s Miguel demonstrates the shockingly simple security hole in this video:


Looks like Apple needs to put out yet another iOS 10.1.1 rather soon.
 

iPutz

Zealot
Silver
Nov 20, 2012
941
184
43
71
US Midwest
#3
Turn off the ability to access Siri from the lock screen in Settings and that method, which allows a stranger to access information on your phone, no longer works. You will need to press the home button with a finger registered with the fingerprint scanner or enter the lock code to access Siri rather than just saying "Hey Siri" to a locked iPhone. It's not that hard to properly secure an iPhone from a stranger's eyes. Personally, anyone that fails to properly secure their iPhone deserves what they get when the phone is lost, stolen or their boyfriend/girlfriend tries to go snooping.
 

Rafagon

Genius
Gold
Dec 7, 2011
7,566
1,252
113
44
Miami, Florida
#4
Turn off the ability to access Siri from the lock screen in Settings and that method, which allows a stranger to access information on your phone, no longer works. You will need to press the home button with a finger registered with the fingerprint scanner or enter the lock code to access Siri rather than just saying "Hey Siri" to a locked iPhone. It's not that hard to properly secure an iPhone from a stranger's eyes. Personally, anyone that fails to properly secure their iPhone deserves what they get when the phone is lost, stolen or their boyfriend/girlfriend tries to go snooping.
That is a good workaround, mentioned in the video.

Just to be sure, you’re not suggesting that enabling an iOS feature (i.e., “Hey Siri” to a locked iPhone) constitutes a failure to properly secure one’s iPhone, correct?
 

iPutz

Zealot
Silver
Nov 20, 2012
941
184
43
71
US Midwest
#5
Yes, that is precisely what I am saying. If I knowingly allow a setting to remain turned on which can result in an unauthorized access to my phone or any of its data then yes that is a failure on my part to secure the phone properly.
 

Rafagon

Genius
Gold
Dec 7, 2011
7,566
1,252
113
44
Miami, Florida
#6
Yes, that is precisely what I am saying. If I knowingly allow a setting to remain turned on which can result in an unauthorized access to my phone or any of its data then yes that is a failure on my part to secure the phone properly.
Well, anyone who has seen the report/post about the flaw that I posted knows about it. Joe Average might not check into Redmond Pie (or Apple-related tech sites in general) every day and he cannot be blamed for that, right?
 

iPutz

Zealot
Silver
Nov 20, 2012
941
184
43
71
US Midwest
#7
Well, anyone who has seen the report/post about the flaw that I posted knows about it. Joe Average might not check into Redmond Pie (or Apple-related tech sites in general) every day and he cannot be blamed for that, right?
To those people I say ignorance is no excuse. If a person treats something so important as their personal information with such low regard then they deserve what they get. Unfortunately, some of my information may be in their device which is all the more reason for me to be vigilant. Am I being paranoid? Maybe, but in this present day world you almost need to be.