Welcome to the new ZDNet! Give feedback or learn more about our updated design here. Or, return to the classic view.

iPhone date glitch exposes photo albums

If your iOS device's clock is rolled back, your entire photo album is visible even if the device is locked with a passcode.

Technology consultant Ade Barkah has discovered a security/privacy vulnerability in Apple's iPhone that leaks iOS 5 album photographs under certain conditions.

Barkah explains:

follow Ryan Naraine on twitter

This vulnerability is simple to test.  Just set your iPhone’s clock to a time in the past (say, in 2010).  Then access the Camera while your phone is still locked.  Lo-and-behold, you’ll be able to see all your “protected” images.

As part of the iOS 5 upgrade, users get immediate access to the camera even if the device is locked with a passcode.  This feature blocks access to the entire photo album and only allows the user to see photos taken from the current (locked) session.

However, Barkah found that if he rolled back the clock settings on an iOS device, the entire photo album became visible.

The point to all this is that Apple should not rely on a simple timestamp to restrict image access.  Changing the iPhone’s clock — forwards or backwards — should notaffect its security.  We can’t guarantee the clock will always monotonically more forward, and when it doesn’t, the system should fail-secure.

Apple does not respond to media queries about security problems in its products.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All