iPhone date glitch exposes photo albums
Summary: If your iOS device's clock is rolled back, your entire photo album is visible even if the device is locked with a passcode.
Technology consultant Ade Barkah has discovered a security/privacy vulnerability in Apple's iPhone that leaks iOS 5 album photographs under certain conditions.
Barkah explains:
This vulnerability is simple to test. Just set your iPhone’s clock to a time in the past (say, in 2010). Then access the Camera while your phone is still locked. Lo-and-behold, you’ll be able to see all your “protected” images.
As part of the iOS 5 upgrade, users get immediate access to the camera even if the device is locked with a passcode. This feature blocks access to the entire photo album and only allows the user to see photos taken from the current (locked) session.
However, Barkah found that if he rolled back the clock settings on an iOS device, the entire photo album became visible.
The point to all this is that Apple should not rely on a simple timestamp to restrict image access. Changing the iPhone’s clock — forwards or backwards — should notaffect its security. We can’t guarantee the clock will always monotonically more forward, and when it doesn’t, the system should fail-secure.
Apple does not respond to media queries about security problems in its products.
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
You're setting the date wrong.
Sent from TCP/IP
RE: iPhone date glitch exposes photo albums
RE: iPhone date glitch exposes photo albums
It's actually doing exactly what it's supposed to do.
The camera app allows you to take photos and review the ones you just took--meaning photos taken with a time stamp that appear AFTER the time at which the camera app was launched. Setting the date to the past means that when you launch the app, any photos that were taken AFTER the time the camera app was launched are then viewable.
Simple solution: don't set your clock to some bogus B.S. time in the past, and then photos that are taken with relative dates IN THE FUTURE won't be visible!
DUH!! Stupid non-freakin-story
RE: iPhone date glitch exposes photo albums
EDIT: Accidentally repeated "@lelandhendrix@..."
sdfsddf
Crystal Gifts Lunch Box http://www.chinawholesaletown.com/wholesale-CD-Holder/ Sport Items
Wholesale T-Shirts Name Card Holder http://www.chinawholesaletown.com/wholesale-Money-Clip/ Electrical Gifts
Computer Accessories Wholesale Ashtray http://www.chinawholesaletown.com/wholesale-Muslim-Products/ Silicone Products
Wholesale Cooler Wholesale Fan http://www.chinawholesaletown.com/wholesale-Tableware/ Personal Safety Products
Wholesale Mouse Wholesale Puzzle http://www.chinawholesaletown.com/wholesale-Fan/ Scissors
Lighting Products Wholesale Tellurion http://www.chinawholesaletown.com/wholesale-Socks/ Giveaway Material
Photo Frame Pet Supplies http://www.chinawholesaletown.com/wholesale-Hardware-Tools/ Compass
Water Bottle Medicine Instrument http://www.chinawholesaletown.com/wholesale-Calendar/ Stapler
Wholesale Shoe Wholesale lable http://www.chinawholesaletown.com/wholesale-Computer-Keyboard/ China Wholesale
Wholesale Clap Hands Wholesale USB Products http://www.chinawholesaletown.com/wholesale-Cup/ Banner
Wholesale Hardware Tools Wholesale Umbrella http://www.chinawholesaletown.com/wholesale-Towel/ Clothing
Wholesale Keyboard Business Gift http://www.chinawholesaletown.com/wholesale-World-Cup/ Tag
Wholesale Glass Book Light http://www.chinawholesaletown.com/wholesale-Bedding/ Patient Care Products
Promotional Gifts Digital Photo Frame http://www.chinawholesaletown.com/wholesale-Outdoor---Leisure/ Outdoor Leisure Products
Wholesale Raincoat Wholesale Glass http://www.chinawholesaletown.com/wholesale-Mobile-Phone/ Waterproof Case
Stuffed Animals Audio Video Equipment http://www.chinawholesaletown.com/wholesale-Pure-Cotton-Compressed/ Kitchenware
Coca Cola Gifts Wholesale Belt http://www.chinawholesaletown.com/wholesale-Coca-Cola-Gifts/ Mouse
Heating Products Wholesale Cooler http://www.chinawholesaletown.com/wholesale-Automotive-Products/ Carabiner
Beauty Equipment Wholesale Toys http://www.chinawholesaletown.com/wholesale-Christmas-Gifts/ Socks
Pet Supplies Wholesale Bedding http://www.chinawholesaletown.com/wholesale-Crystal-Gifts/ Candle
Wholesale Candle Wholesale Golf Products http://www.chinawholesaletown.com/wholesale-Clothing/ Stuffed Animals
Wholesale Compass Wholesale Whistle http://www.chinawholesaletown.com/ Audio Video Equipment
Wholesale Bag Wholesale Scissors http://www.chinawholesaletown.com/wholesale-Wallet/ Vuvuzela
Wholesale Waterproof Case Wholesale Cup http://www.chinawholesaletown.com/wholesale-Electrical-Gifts/ Bracelet
Wholesale Ashtray Wholesale Vuvuzela http://www.chinawholesaletown.com/wholesale-Mug/ Wine Set
Wholesale Massager Wholesale Watch http://www.chinawholesaletown.com/wholesale-Frisbee/ Clap Hands
Muslim Products Wholesale Tie http://www.chinawholesaletown.com/wholesale-Umbrella/ TelePhone
Wholesale Tag Promotional Products http://www.chinawholesaletown.com/wholesale-Personal-Safety/ Camera
Safety Suppliers Wholesale Shoe http://www.chinawholesaletown.com/wholesale-Stress-Ball/ Magnifier
Wholesale Toys Wholesale Banner http://www.chinawholesaletown.com/wholesale-Flash-Gift/ World Cup Products
Wholesale Glasses Fishing Supplies http://www.chinawholesaletown.com/wholesale-Binoculars/ USB Flash Drive
Lady Beauty Care Wholesale Earphone http://www.chinawholesaletown.com/wholesale-Silicone/ Earphone
Wholesale Stress Ball Wholesale Mug http://www.chinawholesaletown.com/wholesale-Clocks/ Lunch Box
Medicine Instrument Wholesale Jewelry http://www.chinawholesaletown.com/wholesale-Eye-Masks/ Playing Card
Wholesale Scissors Arts Crafts http://www.chinawholesaletown.com/wholesale-Reflective-Safety-Vest/ Safety Suppliers
Wholesale Stapler Wholesale Calculator http://www.chinawholesaletown.com/wholesale-Badge---Pin/ Puzzle
iOS is a swiss cheese OS
RE: iPhone date glitch exposes photo albums
You're falling back into your old habits of repeating proven falsehoods.
There was a story on it very recently
I know you hate to admit that iOS could possibly be hacked within a few minutes. The truth hurts.
So this Ade Barkah is lying?
William: that's the power of RDF
It isn't true.
It isn't true.
It isn't true.
RE: iPhone date glitch exposes photo albums
to toddy/NZ:[i]"You're falling back into your old habits of repeating proven falsehoods."[/i]
Mainly because that is all he has to work with most of the time. This "problem" is not even a glitch - it is the software doing just what it is supposed to do! To change the date requires the passcode - in which case you are assumed to be a legitimate user. When the phone is locked, it shows photos from the (supposedly) current date.
Interesting that he denies being the same person as NonZealot. This conjures up the disturbing scenario that there may actually be [b]two[/b] such paranoid and rabid Apple haters at large. A scary thought, but very good news for psychiatrists that such potential clients are out there waiting.
Of course, my father could have cured these sad creatures, who apparently have to justify their existence to themselves by hating Apple and repeatedly telling themselves that all thing Microsoft are wonderful. He would simply tell them to "Snap out of it!" and "Wake up to yourself!" Perhaps if they heeded these suggestions they could get a life and stop infesting these talkbacks, but that would just be wishful thinking...
Oh well, at least there is the weekend coming up, when they leave their desks in Redmond, and we get some relative peace and quiet in here!
RE: iPhone date glitch exposes photo albums
Nope, I didn't say he was lying. Where did I say that?
I was commenting on toddy bottom's claiming that 'a few hours' is the same as 'a few minutes.'
http://www.zdnet.com/tb/1-112202?tag=talkback-river;1_112202_2280028#1_112202_2280028
RE: iPhone date glitch exposes photo albums
While we're splitting hairs I'd like to point out that hours can be converted into minutes and "a few" is a relative term. That is, 720 minutes is a few when compared to a month's worth of minutes. The point was that a security flaw was found in a relatively short period of time, and that is a fact. It shouldn't be ignored or rebuffed, it should be patched as soon as possible.
RE: iPhone date glitch exposes photo albums
To be pedantic, 'few' is defined as a small number. While 3 minutes is few when compared to 360 minutes, 360 minutes is not few when compared to 3, which is what NZ was doing.
Time frame means little. A bug was found, and should be fixed. In that, you and I are in complete agreement.
Thank you lippidp, my point exactly
msalzberg took exception to my statement that iOS had swiss cheese security because it was hacked in a very short period of time. Of course, since my statement was true, he has had to deflect by pretending that "a few hours" is a very long time to hack an OS. Even sadder, he must resort to calling me by someone else's name. Very childish. I would expect this type of behavior from a pre-teen.
RE: iPhone date glitch exposes photo albums
Dum Dum Dum Dum
All OSes are Swiss cheese.
RE: iPhone date glitch exposes photo albums
And yes, I realize that if the device was disconnected for more than an hour while crossing time zones the issue is not likely to occur.
RE: iPhone date glitch exposes photo albums
It doesn't matter according to msalzberg
This doesn't matter because it took more than 3 minutes to find this hole. Anything more than 3 minutes means that the OS is rock solid.
According to msalzberg.