iOS 9 allows access to photos and contacts on a passcode locked iPhone
idownloadblog.comReminds me of a similarly Rube—Goldberg-esque login screen circumvention in Windows 95:
Right, we saw some of bypasses like this lately.
And I believe we'll see more, because we add more and more features to the lock-screens.
"This only allows users to view your contacts, and look at your photos (not videos) through a limited interface. Photos cannot be forwarded or shared from your iPhone"
only? Isn't that bad enough? Anecdotally I really couldn't care if any of the messages I have get out in the open as for some reason I don't have sensitive content in them, but some pictures on the other hand are really not meant for everybody, especially when they aren't even sorted out yet, and I'm sure I am not alone.
Also: taking a picture of a phone with a picture still preserves most of it and so they can in fact be - what I would call - forwarded.
There have been quite a few of these exploits over the years, where you can trick a program running in locked mode into thinking it's in unlocked mode. It seems like they really need to have completely separate programs to run in locked mode that can't access anything except via defined APIs.
I think object-capability based access control would solve the problem as well. If the login screen is only given the capability to talk to the authentication program, then even if you could force opening photos, you wouldn't have the capabilities to hand to the photos app to actually view them.