A Canadian technical consultant by the name of Ade Barkah has uncovered a particularly weird bug in iOS 5 that lets anyone see a locked iPhone’s Camera Roll from the device’s lock screen. The only catch is that viewable photos must have a time stamp that’s newer than the iPhone’s internal clock.
If an iPhone’s clock ever rolls back or is manually set to a time in the past, any photo taken after that date can be easily seen through the Camera app shortcut on the iOS lock screen.
I was intrigued at how the Camera app’s album manager was able to segregate your “protected” images vs. the ones from the current session. It’s like a “jail” for images. I wondered if I could break out of this image jail.
Turns out Apple’s restriction is just a simple filter based on the timestamp when the Camera app was invoked. You’re allowed to see all images with a timestamp greater than this invocation time. Yet that leads to an immediate hole: if your iPhone’s clock ever rolls back, then all images with timestamps newer than your iPhone’s clock will be viewable from your locked phone.
But time always moves forward, right? Why would your phone’s clock ever roll backwards?
The tech consultant discovered this bug while traveling from Canada to Argentina. iOS 5 allows you to take a picture quickly from the lock screen by double-tapping the Home button. A small camera icon then appears to the right of the ‘slide to unlock’ bar. If you have a password enabled on your iPhone, you can’t access the Camera Roll from this shortcut without first entering your 4-digit PIN.
It’s odd that a simple timestamp would unlock access to an iPhone’s entire photo collection. You can try this bug yourself by manually setting your iPhone’s clock back to a time in the past (2010, for example). Make sure your password is on and try to access your Camera Roll from your lock screen. You’ll see every photo with a timestamp later than your iPhone’s internal date.
Barkah argues that, although this bug isn’t a huge security flaw, it’s something that Apple should address:
The point to all this is that Apple should not rely on a simple timestamp to restrict image access. Changing the iPhone’s clock — forwards or backwards — should not affect its security. We can’t guarantee the clock will always monotonically move forward, and when it doesn’t, the system should fail-secure.
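The timestamp filter described above, modeled beside a fail-secure alternative, as an added example that is not Apple's code or code from the original article. The `Photo` and `LockScreenSession` names, the asset IDs and the sample timestamps are constructed for illustration; the hardened variant tracks what the locked session itself captured and never consults the clock.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Photo:
    asset_id: int
    taken_at: float  # wall-clock time stored with the image (epoch seconds)

def visible_by_timestamp(library, invoked_at):
    """Filter as the article describes it: show images newer than the
    moment the Camera app was invoked from the lock screen."""
    return [p.asset_id for p in library if p.taken_at > invoked_at]

@dataclass
class LockScreenSession:
    """Hypothetical hardened variant: an allow-list of assets captured in
    this locked session. Clock changes cannot widen it (fail-secure)."""
    captured: set = field(default_factory=set)

    def capture(self, library, asset_id, wall_clock):
        library.append(Photo(asset_id, wall_clock))
        self.captured.add(asset_id)

    def visible(self, library):
        return [p.asset_id for p in library if p.asset_id in self.captured]

def demo():
    # Constructed sample data: three protected photos taken in early 2012.
    library = [Photo(1, 1_330_000_000.0),
               Photo(2, 1_330_000_100.0),
               Photo(3, 1_330_000_200.0)]
    correct_clock = 1_330_000_300.0      # later than every stored photo
    rolled_back_clock = 1_262_304_000.0  # 2010-01-01 UTC, set to the past

    results = {
        # Clock is correct: nothing predates the invocation, nothing shown.
        "timestamp_correct_clock": visible_by_timestamp(library, correct_clock),
        # Clock rolled back: every stored photo now looks "newer" than the
        # invocation time and passes the filter.
        "timestamp_rolled_back": visible_by_timestamp(library, rolled_back_clock),
    }
    # Allow-list variant under the same rolled-back clock: only the photo
    # taken during the locked session is shown.
    session = LockScreenSession()
    session.capture(library, 4, rolled_back_clock + 5)
    results["allowlist_rolled_back"] = session.visible(library)
    return results

if __name__ == "__main__":
    for name, ids in demo().items():
        print(f"{name}: {ids}")
```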