Hmm, was that Down, Down, Left, A, Up, Right? Or Left, Left, Down, B, Right, Up?
A new method for bypassing the passcode on an iOS7 lock screen has been discovered. This allows an unauthorized intruder access to all photos, and the ability to post them to channels such as Twitter, Facebook, Flickr, or even to email them. copyrightjoestrazzere
- The iOS 7 lock screen can be bypassed with a series of gesture techniques
- Up - Hold - Cancel - Doubleclick - Hold
- Affects iPhones, iPod Touch, and iPads
- Grants unintended access to Mail, Photos, Twitter and more
- Found by Canary Islands-based soldier Jose Rodriguez
- Rodriguez also found lock screen flaws in earlier versions of iOS
It's probably not a big deal. After all, I'm sure nobody ever has photos on their i-Devices that they wouldn't want everyone in the world to see, right?
Still, this isn't the first time that someone has found low-tech ways to bypass the lock screen.
Fool me once, shame on you. Fool me twice, shame on me. Fool me three times - perhaps they should have tested more.
Also see:
http://www.forbes.com/sites/andygreenberg/2013/09/19/ios-7-bug-lets-anyone-bypass-iphones-lockscreen-to-hijack-photos-email-or-twitter/
http://www.zdnet.com/how-to-fix-the-ios-7-lock-screen-bypass-flaw-7000020913/
http://appleinsider.com/articles/13/09/19/apples-control-center-used-to-bypass-ios-7-passcode-lock
http://lifehacker.com/ios-7-bug-allows-thieves-to-bypass-your-lock-screen-1350894097
http://allthingsd.com/20130919/yes-apple-is-working-on-a-fix-for-the-ios-7-lock-screen-hack/
http://techcrunch.com/2013/09/19/ios-7-lock-screen-vulnerability-discovered-gives-access-to-photos-and-social-sharing/
http://www.macrumors.com/2013/09/19/ios-7-lock-screen-vulnerability-gives-access-to-photos-email/
This article originally appeared in my blog: All Things Quality
My name is Joe Strazzere and I'm currently a Director of Quality Assurance. I like to lead, to test, and occasionally to write about leading and testing. Find me at http://AllThingsQuality.com/. |
Hey Joe, I found the following on Twitter:
ReplyDeletehttp://www.allthingsquality.com/2013/09/perhaps-they-should-have-tested-more.html
And then Mike Lyles (long time test manager at Lowe's) told me he was part of the Beta testing for iOS7 and sent me this link to have as a workaround:
http://techland.time.com/2013/09/19/how-to-safeguard-your-device-from-ios-7s-lock-screen-bypass-bug/
Lately it seems Apple's iPhone group seems to be rushing products to market. I'm not a fan.
Being a Director of QA you should know just as well as anyone that the testers probably DID find this, DID report it as critical and was ignored by the fact that most businesses will ignore all this in favour of sticking to the release date.
ReplyDeleteTo blame the testers alone is naive at best.
Myguy - I'm sorry you feel this way. I NEVER blame the testers for these sorts of failures. As you point out, we don't know what goes on internally at the companies in question. And as we all have seen, in the rush to get a release to market, corners are cut and bug fixes are deferred. In my series of articles when I say "Perhaps they should have tested more", it's always shorthand for "This company has a bug that went public. That's a bad thing. If they empowered their professional testers a bit more, perhaps it could have been prevented." Some QAers/Testers use these articles to bolster their requests for more time, more people, more budget, and a higher profile.
ReplyDeleteMyguy - Usually, it's not possible to assign specific blame for a publicly-reported "glitch". Here's one case where reporters seemed to blame QA. But I was able to dig deeper into the specific issue. http://www.allthingsquality.com/2010/04/perhaps-they-should-have-tested-more_682.html
ReplyDeleteI concluded that this wasn't actually a software bug, but most likely a failure of the producer.
Very interesting indeed. Not a lot of people outside the industry know exactly what it is we do. I could find a 1000 bugs but still be blamed for the one I didn't spot. GTA V has recently seen this with the car garage bug
Deletehttp://www.bbc.co.uk/newsbeat/24220206
I don't envy the testers on this project for sure!
I suppose it's the easy PR route to just blame "QA"