This, my friends, is why we love hackers. Design a state-of-the-art security system. Put it in front of non-malicious hackers. Patch the leaks. Repeat.
Apple's been busy this month, releasing two new iPhones, as well as the largest overhaul of its mobile operating system (iOS 7) since the original iPhone was released in January 2007. With new hardware (specifically, the new fingerprint unlock sensor) and new software, comes new security exploits to fix, and sure enough, the hackers have come through once again.
iOS 7 Allows Anyone to Bypass Lock Screen for Photos
Got some pics of evidence or relating to a client on your iPhone? Pay close attention. If a curious stranger has your iPhone, they can access your photos (and email, tweet, or otherwise share them) with the following bit of button-pressing magic, courtesy of Gizmodo:
- On the lock screen, swipe up to access the control panel;
- Open the stopwatch app;
- Go over to alarm clock;
- Hold the power button until you see "Slide to power off;"
- Hit cancel, then immediately double-tap the home button, with a sustained second press (tap taaaaap).
The double-tap is the standard way of accessing iOS's multi-task pane. Ordinarily, you can't access it when the phone is locked. Indeed, even through this exploit, you can only access the camera, where you can tap the "camera roll" icon to reach the existing photos, where one could then share the photos with the wider world. Gizmodo has a great video of the exploit in action.
Someone Who REALLY Wants to Can Trick the Fingerprint Sensor
This shouldn't come as a surprise. No security barrier is foolproof, especially to a motivated hacker (or NSA research team). A German hacking group used a time-honored technique to fool Apple's fingerprint sensor, one that has been used in the past against similar sensors, and only needed a high-resolution scan of a person's fingerprint, according to the group's blog.
The hackers took a 2400 DPI photo of a fingerprint (imagine how many fingerprints are on your glass-fronted phone), inverted the image, and printed it at 1200 DPI using a "thick toner" setting onto a transparent sheet. White wood glue or pink latex milk is applied to the printout, and once cured, removed and blown on (giving it a bit of moisture, like a human finger).
Apply to the button, and voila!
Notice the switch from index to middle finger.
Of course, no street hustlers or jealous ex-lovers are going to be savvy enough to figure this out, but then again, they probably wouldn't have been able to crack that PIN code either. Even without a fingerprint exploit, we would've expected someone to design cracking software for the latest and greatest iPhone -- we just expected the exploits to take longer than a few days after the phone's release.
- How to Secure Your iPhone or Android Smartphone (FindLaw's Technologist Blog)
- iPhone Security Glitch Allows Bypass of Lock Screen (FindLaw's Technologist Blog)
- Prank Employees, Test Security in One Fell Swoop (FindLaw's Technologist Blog)