iOS 6.1 lock-screen bypass fumble highlights BYOD fragility

iOS 6.1 lock-screen bypass fumble highlights BYOD fragility

Summary: Apple's latest fumble led to users being able to bypass the iOS 6.1 lock screen. In spite of strong back-end mobile device management and security policies, most of the time your enterprise is still at the mercy of the mobile maker not screwing up.

SHARE:
iphone-lock-screen

The Verge first noticed (via Techmeme) that iPhone and iPad users running the latest iOS 6.1 platform can bypass the lock screen, even when a password is set. 

No matter how secure your password is, by fumbling around with a few buttons in sequence, your password-enabled iPhone or iPad is laid open for anyone to potentially rifle through parts of your phone or tablet.

Are the alarm bells ringing yet? Engage the panic switch.

Your entire mobile enterprise and bring-your-own-device (BYOD) plan at work just crumbled because Apple inadvertently allows unauthorized users to gain access to local device data, including in some cases server-stored contacts, voicemail, and photos.

Read this

Does jailbreaking or rooting devices, and BYOD mix?

Does jailbreaking or rooting devices, and BYOD mix?

The short answer is no. The slightly longer answer... definitely not.

And for now there's nothing you can do about it. 

You can have the strongest password, the enhanced security features, the remote wipe functions set up, and all kinds of policies enabled, but in this case all those features become instantly redundant. And, until Apple fixes it—which could be many days or even weeks from now, considering their past track record—some of your corporate data is vulnerable to unauthorized access.

There's no way to sugar coat it. If your enterprise runs iPhones and iPads, in spite of your mobile device management setup, corporate data—in varying form—could be accessed by anybody who now knows the very, highly publicized bypass sequence.

With enhanced security, strong policy management, back-end mobile device management (MDM) services to prevent data leaks, breaches and security lapses—it can all unravel when you realize your entire business is still at the mercy of the mobile maker getting the device's in-built security features right the first time around.

For some time, Apple has been gaining in the BYOD trend. Bring your own device to work, but you have to follow the IT policy guidelines to protect your company's data from harms way.

As governments and private sector companies alike are ditching the BlackBerry in favor of iPhones, while trying to avoid Android altogether—at least for now—Apple products are increasingly breaking through the enterprise wall. iPads are rolling out to businesses, and iPhones are being tested in the work environment, and all because of the strong

But bugs like this, that may seem small to fix but are huge in short term, erode away at the confidence in the platform, which up until now and despite the odd bug here and there, has been as strong as BlackBerry was during the late 2000s.

The bottom line: you can have the most secure environment for your BYOD employees and devices—in this case iOS 6.1 powered devices, which is probably most if not all of them—with MDM solutions plugging policies left, right and center to avoid human mistakes. But sometimes you're simply at the mercy of the mobile maker not screwing up in the first place.

Topics: iOS, BYOD and the Consumerization of IT

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

65 comments
Log in or register to join the discussion
  • BYOD

    BYOD is a bad idea anyway. I doubt many large companies are doing this, esp. publicly traded ones, due to Sarbanes-Oxley concerns.

    I'm certain Apple will fix this but I'm more concerned that it happened at all. This and QA issues with both Lion and Mountain Lion make me wonder if chasing public approval is hurting QA at Apple.
    jpolk84
    • "In 25 easy steps you too can unlock an iPhone!"

      Having just watched the Verge video, this is something you'd have to know how to do. Which, unfortunately, everyone does thanks to the coverage. Not to say they shouldn't release the information but this is hardly something you'd "stumble upon."
      jpolk84
      • No kidding

        How about ripping into these jackass anarchists who irresponsibly released damaging information and essentially CREATED the security risk.
        baggins_z
        • The "hackers" should have the right to make a scandal of such things, ...

          ... because otherwise companies might have different priorities set for themselves and do not patch vulnerabilities for quite a long time.

          In this case particularly people should just care not to let go of their devices, and they are perfectly safe.

          However, even though this "hack" is not the easiest thing to do, this is serious security breath.

          And yet there is no way to connect it to "BYOD fragility" as Zack supposes, nothing to do with each other specifically. iPhones get deployed by corporations in quantities of thousands, sometimes tens of thousand units -- and those devices are as vulnerable or as safe as BYOD.
          DDERSSS
          • You are making an unwarranted

            Assumption. Apple would be right to treat this as a very low threat. It only became a problem when a bunch of hackers with an agenda made it a high priority through their irresponsible behavior.
            baggins_z
          • ... okay so that logic is probably the worst ever.

            Seriously. It's just plain dumb. Think about it for a minute. Just how dumb it is... I mean... seriously...
            mrefuman
          • Are you talking about DDERSSS comment?

            His comment is salient, logical and reasonable. I don't see anything wrong with it.
            12312332123
          • These so called "irresponsible" guys...

            ...have rendered a valuable public service by drawing attention to the problem. It will force Apple to fix it, which they otherwise *MAY* not have done.
            jaykayess
          • Some assailed yoru beloved Apple?

            Microsoft have to deal with this week in week out, with every hacker on the planet scouring their code for a way in and reporting their findings. It is a public service that hackers do this, otherwise they would just keep the information to themselves - wouldn't they?
            12312332123
          • (Fixed)

            Assumption. Apple would be right to treat this as a very low threat. It only became a problem when a bunch of anti-apple fanboy ZDNet forum posters with an agenda made it a high priority through their irresponsible behavior.
            Non-Euclidean
        • Or letting Apple hire them, like they did the one guy

          who figured out how to jailbreak the thing...
          HypnoToad72
        • We should give thanks for these "jackass anarchists"

          These guys keep Apple and others on the ball. Security flawed products are quickly broken and the company that created them forced to quickly. Rather than exploiting these flaws for profit, they are using them to create an environment in which companies like Apple, MS, Google, etc MUST take maximum precaution to ensure that their products are secure. It's a valuable service and I strongly support their actions. They are the Woodward and Bernstein of technology. If the threat of exposure and very real damage did not face both government and industry, they would soon become careless.
          **owly**
          • You have no clue at what progress Apple was taking

            in resolving this issue. If you are a developer, you know full well that you rate your bugs in order of harm they can cause. Something in your code that required byzantine steps to expose would have been put at the bottom of your bug fix list, too. Admit it. And if some group of anarchist jackasses with an axe to grind against your software had gone and made public the exploit and then told you you were a slacker for not making it a top priority, you would be rightly incensed and disgusted with them.
            baggins_z
      • yeah, but then...

        ...the author wouldn't be able to go on, and on, and on about how much he hates Apple.
        troyds@...
        • Oh yeah, I clearly hate Apple

          Considering I have a MacBook Air, a Mac mini, and recently traded in my BlackBerry for an iPhone 4S. Why? Because I clearly hate Apple that much.
          zwhittaker
          • And you constantly whine about

            Them. I think the parent's point as some merit.
            baggins_z
          • He complains about everything

            It's what he does.
            Michael Alan Goff
          • Point taken.

            Maybe that's why his articles are hard to read: I don't speak Whinese.
            baggins_z
        • re: yeah, but then. . .

          That doesn't sound like hate, it sounds like disappointment. He wants to be able to trust his devices not to have security holes you could shove a black-hat hacker through sideways. As do I. I would count this one as a middling-epic fail in that regard. BTW, I'm not an Apple hater, but I'm not a fanboi, either.
          rocket ride
          • An exploit

            You need a complicated tutorial to use is not a security hole you could shove anyone through sideways.
            baggins_z