
iOS security vulnerability

My post earlier today about hacking the iPhone 5S's TouchID was talking about something major: access to everything in the phone. But that post mattered to you only if you have an iPhone 5S (the brand new, higher-end model). There is another vulnerability that affects just about everybody with an iPhone, at least if you've upgraded to iOS 7.

If a phone allows access to the Control Center from the lock screen, someone who knows a fairly simple trick can get into the photos and some other parts of the phone's content without unlocking it. You can read about it here:

Forbes/Andy Greenberg: iOS 7 Bug Lets Anyone Bypass iPhone's Lockscreen To Hijack Photos, Email, Or Twitter

I just confirmed that this is possible using my own iPhone 5. I'm writing this on 9/23/13 and using the current (latest) version of iOS 7 (11A465).

Unauthorized access to your email is the biggest danger here. Remember, somebody with access to your email may be able to change your password to other accounts. So even though this bug doesn't immediately give the intruder full access to your phone, it's potentially serious.

But there's a fix, and you should take advantage of it. Simply disable Control Center on the lock screen:

Settings > Control Center > Access on Lock Screen (turn off)

This setting should be off by default, but it isn't.
