September 20, 2013

Perhaps They Should Have Tested More - Apple iOS 7

Hmm, was that Down, Down, Left, A, Up, Right? Or Left, Left, Down, B, Right, Up?

A new method for bypassing the passcode on an iOS 7 lock screen has been discovered. This allows an unauthorized intruder access to all photos, and the ability to post them to channels such as Twitter, Facebook, Flickr, or even to email them.

  • The iOS 7 lock screen can be bypassed with a series of gesture techniques
  • Up - Hold - Cancel - Doubleclick - Hold
  • Affects iPhones, iPod Touch, and iPads
  • Grants unintended access to Mail, Photos, Twitter and more
  • Found by Canary Islands-based soldier Jose Rodriguez
  • Rodriguez also found lock screen flaws in earlier versions of iOS

It's probably not a big deal. After all, I'm sure nobody ever has photos on their i-Devices that they wouldn't want everyone in the world to see, right?

Still, this isn't the first time that someone has found low-tech ways to bypass the lock screen.

Fool me once, shame on you. Fool me twice, shame on me. Fool me three times - perhaps they should have tested more.

Also see:
http://www.forbes.com/sites/andygreenberg/2013/09/19/ios-7-bug-lets-anyone-bypass-iphones-lockscreen-to-hijack-photos-email-or-twitter/
http://www.zdnet.com/how-to-fix-the-ios-7-lock-screen-bypass-flaw-7000020913/
http://appleinsider.com/articles/13/09/19/apples-control-center-used-to-bypass-ios-7-passcode-lock
http://lifehacker.com/ios-7-bug-allows-thieves-to-bypass-your-lock-screen-1350894097
http://allthingsd.com/20130919/yes-apple-is-working-on-a-fix-for-the-ios-7-lock-screen-hack/
http://techcrunch.com/2013/09/19/ios-7-lock-screen-vulnerability-discovered-gives-access-to-photos-and-social-sharing/
http://www.macrumors.com/2013/09/19/ios-7-lock-screen-vulnerability-gives-access-to-photos-email/


This article originally appeared in my blog: All Things Quality
My name is Joe Strazzere and I'm currently a Director of Quality Assurance.
I like to lead, to test, and occasionally to write about leading and testing.
Find me at http://AllThingsQuality.com/.

5 comments:

  1. Hey Joe, I found the following on Twitter:
    http://www.allthingsquality.com/2013/09/perhaps-they-should-have-tested-more.html

    And then Mike Lyles (long time test manager at Lowe's) told me he was part of the Beta testing for iOS7 and sent me this link to have as a workaround:

    http://techland.time.com/2013/09/19/how-to-safeguard-your-device-from-ios-7s-lock-screen-bypass-bug/

    Lately it seems Apple's iPhone group seems to be rushing products to market. I'm not a fan.

  2. Being a Director of QA you should know just as well as anyone that the testers probably DID find this, DID report it as critical and was ignored by the fact that most businesses will ignore all this in favour of sticking to the release date.

    To blame the testers alone is naive at best.

  3. Myguy - I'm sorry you feel this way. I NEVER blame the testers for these sorts of failures. As you point out, we don't know what goes on internally at the companies in question. And as we all have seen, in the rush to get a release to market, corners are cut and bug fixes are deferred. In my series of articles when I say "Perhaps they should have tested more", it's always shorthand for "This company has a bug that went public. That's a bad thing. If they empowered their professional testers a bit more, perhaps it could have been prevented." Some QAers/Testers use these articles to bolster their requests for more time, more people, more budget, and a higher profile.

  4. Myguy - Usually, it's not possible to assign specific blame for a publicly-reported "glitch". Here's one case where reporters seemed to blame QA. But I was able to dig deeper into the specific issue. http://www.allthingsquality.com/2010/04/perhaps-they-should-have-tested-more_682.html

    I concluded that this wasn't actually a software bug, but most likely a failure of the producer.

    Replies
    1. Very interesting indeed. Not a lot of people outside the industry know exactly what it is we do. I could find a 1000 bugs but still be blamed for the one I didn't spot. GTA V has recently seen this with the car garage bug

      http://www.bbc.co.uk/newsbeat/24220206

      I don't envy the testers on this project for sure!

      I suppose it's the easy PR route to just blame "QA"
