X

Time stamp bug exposes photos on locked iPhone

If your iPhone clock somehow gets set to the past the photos taken since then could be viewed despite the phone being locked.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
See full bio
Elinor Mills
2 min read
This is the message displayed when someone tries to view the photos on a locked iPhone.
This is the message displayed when someone tries to view the photos on a locked iPhone. Elinor Mills/CNET
Even though my iPhone is locked, I was able to show a colleague this photo on my phone after setting the clock to a date in the past.
Even though my iPhone is locked, I was able to show a colleague this photo on my phone after setting the clock to a date in the past. Elinor Mills/CNET

A Canadian tech consultant has discovered a bug in iOS 5 that makes the photos on a locked iPhone viewable, if the phone's clock is set to the past.

It's easy to test. On an iPhone running iOS 5, you can access the camera, even if the phone is locked, by double-clicking the home button. But if you try to view the photo gallery, you are blocked with a message that says, "Unlock your iPhone to see all of your photos and videos."

Now go into your phone settings, and change the date to some point in the past. And at this point, after the phone has been locked again, you will be able to see the photos that have been taken since that date.

"If your iPhone's clock ever rolls back, then all images with time stamps newer than your iPhone's clock will be viewable from your locked phone," Ade Barkah wrote on his blog this weekend.

Since most of us have the date and time automatically set, an obvious question would be why the clock would ever roll backward.

Someone traveling across time zones could accidentally set the date incorrectly, notes Barkah, who discovered the problem and blogged about it from the road on a Canada-to-Argentina motorcycle trip. And there's always the potential for an iPhone glitch: "E.g., a software or hardware issue could reset your iPhone's clock to epoch time--iPhone's 'zero' time at midnight January 1, 2001. In this case, all your images are exposed," he writes.

There also could be an infrastructure error, such as if the phone is automatically synced from an erroneous external time source like the cell phone company, Barkah suggests. And, finally, if an app is ever able to change the clock, that could be a problem, he adds.

"The point to all this is that Apple should not rely on a simple time stamp to restrict image access," he writes. "Changing the iPhone's clock--[forward or backward]--should not affect its security. We can't guarantee the clock will always monotonically [move] forward, and when it doesn't, the system should fail-secure."

Apple didn't immediately respond to a request for comment.