Tuesday, 25 October 2011

Ios5 Passcode Bypass Exposes Secrets

A recently disclosed bug in ios5 allows an attacker to bypass the passcode to the device and use whatever application was in the foreground at the time it was locked.

The first place I'm aware of carrying this story is BringYourOwnIt.com:

I tried this at home and sure enough it works. I believe this bug is really derived from things not being executed in the right order, your application should be backgrounded before the device sleeps and then brought back to the foreground when it wakes.

This is a problem that goes a little further than discussed in the BringYourOwnIt.com article because it also affects apps that have a 'privacy' mode - the app never gets the instruction to background which means it doesn't clear the history, purge or even wipe the screen.

I tested this with the Mercury Browser; I started the app and enabled privacy mode from the on screen window. Now if Mrs Hyakuhei comes home while I'm "shopping for her super-secret anniversary present" I just close the cover of the ipad and she'll never know. Unless she's read this post. In which case she could open the cover, hold down the power button, close the cover once the power-off screen is displayed, re-open and hit cancel - Now she can see all those presents that I was trying to keep secret.

So, all you ipad wielding secret santas - you have been warned.