Timestamp security bug leaves your photos vulnerable under iOS 5

A newly discovered timestamp security bug may leave your iOS device photos exposed regardless of whether or not your device is passcode locked. Ade Barkah, a Canadian tech consultant, has figured out that changing the time on your device will leave any photo taken in the "future" accessible via the quick camera toggle on the home screen.

The quick toggle is a new feature in iOS 5 that allows you to double tap your home button to access your camera app. From there you can tap into your image gallery. If your phone is passcode locked, you will receive a message asking you to unlock your device to view photos. Unless you change the time on your device. Anything taken after that time stamp will be viewable as the phone will assume nothing exists after that point in time.

Turns out Apple’s restriction is just a simple filter based on the timestamp when the Camera app was invoked. You’re allowed to see all images with a timestamp greater than this invocation time. Yet that leads to an immediate hole: if your iPhone’s clock ever rolls back, then all images with timestamps newer than your iPhone’s clock will be viewable from your locked phone.

This could be a potential issue for anyone that travels frequently or has a need to change timezones. You can test this by simply changing the time and popping into your quick toggle even when the phone is locked. Better get to deleting those inappropriate pictures!

Source: Peekay.org via CNET

Have something to say about this story? Leave a comment! Need help with something else? Ask in our forums!

Allyson Kazmucha

Senior editor for iMore. I can take apart an iPhone in less than 6 minutes. I also like coffee and Harry Potter more than anyone really should.

More Posts



← Previously

Daily Deal: 63% off Ventev EcoCHARGE Travel Charger for iPhone

Next up →

Zephyr updated to version 1.0.2-1 with more enhancements [Jailbreak]

Reader comments

Timestamp security bug leaves your photos vulnerable under iOS 5


Most likely this doesn't effect travelers, because the timestamps are stored without time zone data. As long as the time is adjusted by the tower, changing just the time zone of the device, wouldn't you be ok?

Just what I was thinking, although technically timestamps are usually stored and compared in a standard timezone (usually UTC).
Even the time changes in the Spring and Fall are treated like timezone changes. So the only way this would be an issue is if someone can get into your iPhone settings (making the problem moot anyway) or they have hacked the network's time signal. In either case there are more serious things to worry about than just a few photos.
It doesn't seem like a flaw with the implementation, just a quirk. I can't see how it would be exploited.

Maybe this is a huge deal for some but in the off chance I happen to change my time on my iphone and someone steals or finds my lost iPhone, the last thing I'm going to be worried about is the picture of my dog I just took.

Well if people want to look at my photo's they can, this type of 'security' vulnerability is a non-plus, certainly not the most worrisome security flaw. I would be more worried about someone having my iphone than I would them looking at the photo's that I have on it.
Ahem.... unless there was something a bit oooer embarrassing missus!

Co-sign, 9 times out of 10, people don't even touch my phone. And when they do wanna sniff around my phone and look at my apps and photos, yeah go ahead. And if they even think about stealing my phone, well chances are, I'll find them sooner or later. I think that, while this may be an issue to some, it's not one to get hyped up about.

I just tried it....but, in order for this to work, someone would have to change your system time ahead....then you would have to take pictures....then, they would need to set your time back to the correct time....then go back & view them. Like the others said....I don't see this as a huge issue. No one is changing settings in my phone once....let alone twice!