Apple needs to get a grip on lockscreen bypass bugs

Apple needs to get a grip on lockscreen bypass bugs

Summary: Don't care about your data? Well, what about your employer's data, or that of your customers or clients? Can you afford to have the same lax attitude there? I hope not.

SHARE:
(Image: ZDNet/CBS Interactive)

With iOS 8 on the horizon Apple is hoping to get us to trust some of our most personal and private data – data about our health – to the iOS operating system, and yet the programmers at Cupertino can't seem to squash lockscreen related bugs that have been plaguing the platform for years.

The latest lockscreen bug to hit iOS users is one of the simplest to date. It's quick and easy to carry out, taking only a few seconds to pull off, and leaves no trace that the device was accessed. Thankfully, it only allows access to the last app open, but it's a throw of the dice as to whether whether what might be open is sensitive or not.

Now, you might say that once an "attacker" has access to the handset, then all bets are off as to what's possible. Then there are others amongst you who might dismiss this as moot because you don't have the control panel enabled for the lockscreen. Both points are, to a degree, valid, but the problem with lockscreen bugs is not only that there are just too many of them – almost every version of iOS for the past few years has suffered from this vulnerability in one form or another – or the threat they pose if the handset is lost of stolen, but the real problem is that they make casual snooping just too easy.

But in case you're still going to try to justify that these lockscreen bypasses aren't a problem, let me offer the following points. First, people pay Apple good money for iOS devices and deserve better than this, and secondly, Apple is asking us to trust more and more of our personal lives to its devices, and these lockscreen vulnerabilities are a serious breach of that trust.

Don't care about your data? Well, what about your employer's data, or that of your customers or clients? Can you afford to have the same lax attitude there?

I hope not.

This is also worrying because of other features that Apple are baking into iOS 8, such as allowing third-party keyboards to be used. Apple claims that these keyboards won't be able to snoop on what we type, but by that logic, the lockscreen is supposed to lock the handset, and yet it doesn't.

It's all a matter of trust. And trust is the easiest thing in the world to erode.

See also:

Topics: Mobility, Hardware, iOS, iPhone, iPad, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

15 comments
Log in or register to join the discussion
  • And Yet

    you keep using and promoting their products.

    Stockholm Syndrome?
    Mujibahr
    • lockscreen is now the new homescreen

      We are going to need a lockscreen for the lockscreen
      warboat
    • Yes, it was so much better..

      ..when ZDNet was only writing negative Apple articles, wasn't it?
      rfoto
  • Every product has flaws

    Though the lock screen is an issue, it is only an issue when someone has physical control of the device. No, I do not like that this is an issue but is it all that bad.

    To me the malware issue is of more concern. From my reading Android has more issues, and where 95%+ of all malware effects Android, not Windows phones, not iOS, malware would be much more of a concern.
    BubbaJones_
    • Sorry, that's never been an acceptable answer to Apple fanbois.

      "Every product has flaws"

      So please refrain from using it in defense of Apple.
      ye
    • You should stop reading those "adver-articles"

      From the makers of Android anti-malware software. Nothing sells like fear.
      anothercanuck
      • That's Funny!

        Fear ( ms bugs) is what you use to sell Linux!

        You're priceless!
        Mujibahr
        • funny thing

          Didn't MS start the FUD war? Now let's get back to the topic of the article.
          tmsbrdrs
    • Took a day trip

      Thru T6 at LAX. Deliberately counting, I could have borrowed or snagged 11 5/5S iPhones as I wandered the terminal.
      Scary when you take time to look and ponder.
      rhonin
    • Most malware come from outside the Play Store

      Almost all Malware comes from outside the Play store. If you turn off security, root your phone, add rogue or third party app store, you're on your own. Just about all general users have nothing to fear from apps from Google's Play store.
      A Gray
    • You may be shocked how much malware is in the Apple/Google store

      Most of the free apps that people download would be classified as malware, adware or other garbage that should be removed if it was on a non-mobile device.

      I think people would be shocked at how much freedom these apps have to track, spy and siphon data from users.
      Emacho
  • just turn off control center on lockscreen

    okay so most dumb users don't do this. and so, apple should set disabling the control center panel on the lockscreen as a default. and then it would be on the user if the user decides to to enable the control center panel on the lockscreen.

    otherwise, it is what it is. and if this keeps getting repeated in the news, then more dumb apple users may wise up and disable that control panel from being accessible on the lockscreen. but you may not want to publize this too much or else the dumb crooks will find out about this so-called bug because dumb crooks don't really read techhead news sites. there. problem solved if people don't criticize too much about this. lol
    i-want-gizmos
    • Why are the users dumb?

      If it is so "dumb" to use this, then maybe Apple should remove it if they can't get it to work properly.
      Emacho
  • Stick Your Head In The Sand

    Typical Apple Solution!
    Mujibahr
  • It takes years to build trust and reputation...

    ...and one careless comment or action to destroy it.
    Doesn't matter if it's true or not, it just takes the comment.
    Don't believe me? Call someone a child abuser or blame them of infidelity in public.
    Businesses can suffer the same stigma but at least it's buffered by a lot more customers to drown out or question one voice.
    Zorched