Simple mechanisms are not always the most secure

Jan 5, 2012 08:38 GMT

After upgrading his iPhone to the latest iOS 5, Canadian technology consultant Ade Barkah noticed that if the device's clock is rolled back, all images with a timestamp newer than the device's current time are accessible, even if the device is locked with a password.

The first thing Barkah noticed was that the camera app could be accessed even on a locked device by double-tapping the Home button. From within the camera app, the user also has access to the images taken in the current session.

While researching a user interface glitch and trying to determine how the camera app’s album manager is able to tell the difference between older images and the ones taken in the current session, he noticed that the mechanism is not sophisticated and is easy to bypass.

“Turns out Apple’s restriction is just a simple filter based on the timestamp when the Camera app was invoked,” he said.

“You’re allowed to see all images with a timestamp greater than this invocation time. Yet that leads to an immediate hole: if your iPhone’s clock ever rolls back, then all images with timestamps newer than your iPhone’s clock will be viewable from your locked phone.”

Many may argue that the phone’s clock rarely rolls backwards, but as most users have probably witnessed, there are some situations where a device’s time and date are reset to the “zero” time, which for the iPhone is January 1, 2001.

Infrastructure errors, device glitches and user errors could all cause an iPhone’s time to be set before the pictures from the album were taken. The consultant believes that changing a phone’s time should not affect its security.

“The point to all this is that Apple should not rely on a simple timestamp to restrict image access,” Barkah adds. “In the big picture, if real ‘bad guys’ have physical access to your phone, then the game is over already.”
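The filter Barkah describes can be modelled in a few lines. The sketch below is an added example, not Apple's code: the class names, the sample album and the `CORRECT_CLOCK` value are constructed for illustration. It compares the wall-clock timestamp filter with a session-scoped alternative that tracks which photos were actually captured while the device was locked.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Photo:
    photo_id: int
    taken_at: datetime  # wall-clock time stamped at capture

@dataclass
class TimestampFilterSession:
    """Filter as described in the article: show photos newer than invocation time."""
    invoked_at: datetime  # device clock when Camera was opened from the lock screen

    def visible(self, album):
        return [p.photo_id for p in album if p.taken_at > self.invoked_at]

@dataclass
class SessionIdFilter:
    """Hypothetical hardened form: only photos recorded by this locked session."""
    captured_ids: set = field(default_factory=set)

    def record_capture(self, photo):
        self.captured_ids.add(photo.photo_id)

    def visible(self, album):
        return [p.photo_id for p in album if p.photo_id in self.captured_ids]

# Constructed sample data: three photos already in the album before the session.
ALBUM = [
    Photo(1, datetime(2011, 11, 20, 9, 0)),
    Photo(2, datetime(2011, 12, 24, 18, 30)),
    Photo(3, datetime(2012, 1, 2, 12, 15)),
]
CORRECT_CLOCK = datetime(2012, 1, 5, 8, 38)  # constructed "normal" device time
ZERO_TIME = datetime(2001, 1, 1)             # the iPhone "zero" time per the article

def compare(clock_now):
    """Open a locked-camera session at clock_now, take one photo, return both views."""
    album = list(ALBUM)
    ts_session = TimestampFilterSession(invoked_at=clock_now)
    id_session = SessionIdFilter()
    new_photo = Photo(4, clock_now + timedelta(seconds=5))
    album.append(new_photo)
    id_session.record_capture(new_photo)
    return ts_session.visible(album), id_session.visible(album)

if __name__ == "__main__":
    print("correct clock:", compare(CORRECT_CLOCK))
    print("clock reset  :", compare(ZERO_TIME))
```

With a correct clock both filters expose only the photo taken in the session; with the clock at the zero time, the timestamp filter exposes the whole album while the session-scoped filter does not depend on the clock at all.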