Flaw in latest iOS 10.x versions allows anyone to access your photos, contacts

Discussion in 'iOS 10' started by Rafagon, Nov 18, 2016.

  1. Rafagon

    Rafagon Genius
    Gold

    Joined:
    Dec 7, 2011
    Likes Received:
    1,241
    Redmond Pie reports on this disturbing flaw that allows anyone to see all your photos (yes, including those rather dirty ones starring you, Erika and Melinda in the break room that one night) and contacts without having to unlock your iPhone:

    “… we were shown a video of an iPhone running the latest iOS 10.2 being tricked into giving someone access to the Camera Roll and Contacts app all whilst remaining locked, we took notice. The 4 minute video demonstrates how exactly anyone, I repeat, anyone can access your locked iPhone without having to deal with the passcode.”

    iDeviceHelp’s Miguel demonstrates the shockingly simple security hole in this video:



    Looks like Apple needs to put out yet another iOS 10.1.1 rather soon.
     
  2. RoofMonkey

    RoofMonkey Genius
    Gold

    Joined:
    Jun 21, 2010
    Likes Received:
    2,022
    Since 10.2 is still in beta, maybe they will kill this exploit before it's GM ?

     
  3. iPutz

    iPutz Zealot
    Silver

    Joined:
    Nov 20, 2012
    Likes Received:
    176
    Turn off the ability to access Siri from the lock screen in Settings and that method, which allows a stranger to access information on your phone, no longer works. You will need to press the home button with a finger registered with the fingerprint scanner or enter the lock code to access Siri rather than just saying "Hey Siri" to a locked iPhone. It's not that hard to properly secure an iPhone from a stranger's eyes. Personally, anyone that fails to properly secure their iPhone deserves what they get when the phone is lost, stolen or their boyfriend/girlfriend tries to go snooping.
     
  4. Rafagon

    Rafagon Genius
    Gold

    Joined:
    Dec 7, 2011
    Likes Received:
    1,241
    That is a good workaround, mentioned in the video.

    Just to be sure, you’re not suggesting that enabling an iOS feature (i.e., “Hey Siri” to a locked iPhone) constitutes a failure to properly secure one’s iPhone, correct?
     
  5. iPutz

    iPutz Zealot
    Silver

    Joined:
    Nov 20, 2012
    Likes Received:
    176
    Yes, that is precisely what I am saying. If I knowingly allow a setting to remain turned on which can result in an unauthorized access to my phone or any of its data then yes that is a failure on my part to secure the phone properly.
     
  6. Rafagon

    Rafagon Genius
    Gold

    Joined:
    Dec 7, 2011
    Likes Received:
    1,241
    Well, anyone who has seen the report/post about the flaw that I posted knows about it. Joe Average might not check into Redmond Pie (or Apple-related tech sites in general) every day and he cannot be blamed for that, right?
     
  7. iPutz

    iPutz Zealot
    Silver

    Joined:
    Nov 20, 2012
    Likes Received:
    176
    To those people I say ignorance is no excuse. If a person treats something so important as their personal information with such low regard then they deserve what they get. Unfortunately, some of my information may be in their device which is all the more reason for me to be vigilant. Am I being paranoid? Maybe, but in this present day world you almost need to be.
     

Share This Page