Weird iOS 5 Bug Lets Prying Eyes View Saved Photos On A Locked iPhone

A Canadian technical consultant by the name of Ade Barkah has uncovered a particularly weird bug in iOS 5 that lets anyone see a locked iPhone’s Camera Roll from the device’s lock screen. The only catch is that viewable photos must have a time stamp that’s newer than the iPhone’s internal clock.

If an iPhone’s clock ever rolls back or is manually set to a time in the past, any photo taken after that time can be easily seen through the Camera app shortcut on the iOS lock screen.

Barkah explains:

I was intrigued at how the Camera app’s album manager was able to segregate your “protected” images vs. the ones from the current session.  It’s like a “jail” for images.  I wondered if I could break out of this image jail.

Turns out Apple’s restriction is just a simple filter based on the timestamp when the Camera app was invoked.  You’re allowed to see all images with a timestamp greater than this invocation time.  Yet that leads to an immediate hole: if your iPhone’s clock ever rolls back, then all images with timestamps newer than your iPhone’s clock will be viewable from your locked phone.

But time always moves forward, right? Why would your phone’s clock ever roll backwards?

The tech consultant discovered this bug while traveling from Canada to Argentina. iOS 5 allows you to take a picture quickly from the lock screen by double tapping the Home button. A small camera icon then appears to the right of the ‘slide to unlock’ bar. If you have a password enabled on your iPhone, you can’t access the Camera Roll from this shortcut without first entering your 4-digit PIN.

It’s odd that a simple timestamp would unlock access to an iPhone’s entire photo collection. You can try this bug yourself by manually setting your iPhone’s clock back to a random time in the past (2010, etc.). Make sure your password is on and try to access your Camera Roll from your lock screen. You’ll see every photo that was taken after your iPhone’s internal date.

Barkah argues that, although this bug isn’t a huge security flaw, it’s something that Apple should address:

The point to all this is that Apple should not rely on a simple timestamp to restrict image access.  Changing the iPhone’s clock — forwards or backwards — should not affect its security.  We can’t guarantee the clock will always monotonically move forward, and when it doesn’t, the system should fail-secure.

(via CNET)
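The timestamp filter described above, modelled beside a fail-secure alternative that tracks what the lock-screen session itself captured. This is an added example, not Apple's or Barkah's code; the class names, asset IDs and timestamps are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Photo:
    asset_id: int
    taken_at: float  # wall-clock timestamp stored with the image (Unix seconds)

@dataclass
class TimestampSession:
    """Model of the filter in the article: show anything newer than session start."""
    started_at: float

    def visible(self, roll):
        return [p.asset_id for p in roll if p.taken_at > self.started_at]

@dataclass
class CaptureSession:
    """Fail-secure model: only assets this session captured are visible."""
    captured: set = field(default_factory=set)

    def capture(self, roll, asset_id, wall_clock):
        roll.append(Photo(asset_id, wall_clock))
        self.captured.add(asset_id)  # membership does not depend on the clock

    def visible(self, roll):
        return [p.asset_id for p in roll if p.asset_id in self.captured]

def lock_screen_views(clock_at_launch):
    """Return (timestamp-filter view, capture-list view) for one locked session."""
    # Constructed Camera Roll: three photos taken in 2011 while unlocked.
    roll = [Photo(1, 1_300_000_000.0), Photo(2, 1_310_000_000.0),
            Photo(3, 1_320_000_000.0)]
    weak = TimestampSession(started_at=clock_at_launch)
    strong = CaptureSession()
    # One photo taken from the lock screen, five seconds into the session.
    strong.capture(roll, 4, clock_at_launch + 5.0)
    return weak.visible(roll), strong.visible(roll)

NORMAL_CLOCK = 1_320_000_100.0       # after every stored photo
ROLLED_BACK_CLOCK = 1_262_304_000.0  # 2010-01-01 UTC, before every stored photo

if __name__ == "__main__":
    print("normal clock:     ", lock_screen_views(NORMAL_CLOCK))
    print("rolled-back clock:", lock_screen_views(ROLLED_BACK_CLOCK))
```

With a correct clock both models expose only the photo taken in the session; with the clock rolled back, the timestamp filter exposes the whole roll while the capture list does not change.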

  • prof_peabody

    So if you take pictures in the future on a regular basis you are screwed?  

    It’s hard to see this as a “security flaw” at all given that physical access is required to do it in the first place and almost every phone will be setting the time automatically from the cell carrier’s time server.

  • alexheath

    And that’s exactly why I called it a “bug.”

  • Myles Kaye

    Baloney, hardly news

  • David Leiva

    Meh.

    *Prying eyes.

  • helix bird

    Actually it’s quite an ingenious design that works for most cases and is simple to design.

  • Aliza

    Initially, I tried this feature and realized that it only allowed me to view and delete photos that were taken in that “session” and had a message that to view any picture or video I had to unlock my phone. Then I tried what was shared in this article, to backdate to a year ago and yes, it’s true!

    Another bug is that, while you are in that shortcut mode, if you press the home button, it brings you back to your home screen…which is normal, right? But it also means anyone can just access your phone via this camera icon shortcut…bypassing the locked screen altogether, not needing to key in your 4-digit passcode… I think this bug is worse!!! o.O

About the author

Alex Heath is a staff writer at Cult of Mac and co-host of the CultCast. He has been quoted by the likes of the BBC, KRON 4 News, and books like "ICONIC: A Photographic Tribute to Apple Innovation." If you want to pitch a story, share a tip, or just get in touch, additional contact information is available on his personal site. Twitter always works too.
