A Canadian tech consultant has discovered a bug in iOS 5 that makes the photos on a locked iPhone viewable, if the phone's clock is set to the past.
It's easy to test. On an iPhone running iOS 5, you can access the camera, even if the phone is locked, by double-clicking the home button. But if you try to view the photo gallery, you are blocked with a message that says, "Unlock your iPhone to see all of your photos and videos."
Now go into your phone settings, and change the date to some point in the past. And at this point, after the phone has been locked again, you will be able to see the photos that have been taken since that date.
"If your iPhone's clock ever rolls back, then all images with time stamps newer than your iPhone's clock will be viewable from your locked phone," Ade Barkah wrote on his blog this weekend.
Since most of us have the date and time automatically set, an obvious question would be why the clock would ever roll backward.
Someone traveling across time zones could accidentally set the date incorrectly, notes Barkah, who discovered the problem and blogged about it from the road on a Canada-to-Argentina motorcycle trip. And there's always the potential for an iPhone glitch: "E.g., a software or hardware issue could reset your iPhone's clock to epoch time--iPhone's 'zero' time at midnight January 1, 2001. In this case, all your images are exposed," he writes.
There also could be an infrastructure error, such as if the phone is automatically synced from an erroneous external time source like the cell phone company, Barkah suggests. And, finally, if an app is ever able to change the clock, that could be a problem, he adds.
"The point to all this is that Apple should not rely on a simple time stamp to restrict image access," he writes. "Changing the iPhone's clock--[forward or backward]--should not affect its security. We can't guarantee the clock will always monotonically [move] forward, and when it doesn't, the system should fail-secure."
Apple didn't immediately respond to a request for comment.