Ade Barkah has posted on his site Peekay.com details about his discovery of a bug in iOS which allows access to the camera roll when the device is locked. Rolling back the Date & Time will allow unauthorized access to any photos that were already taken on any future Date & Time.
Summary
If the Date & Time IS ROLLED BACK on an iOS device running 5.x a malicious actor will have unauthorized access to the photos with future dates and times in the camera roll.
FACTS
- Rolling back the Date & Time on a device running iOS 5.x will allow access to the camera roll on a locked device to images with only with future dates and times.
RISK
There is a RISK that if you travel across time zones and your Date & Time is rolled back a malicious actor with physical access to your device can access your camera roll without the need for a Passcode and access photos taken between the two times.
Overall RISK: LOW RISK
Mitigation
General Users
Make sure that Set Automatically is enabled in General>Date&Time to ensure that your device has the current Date & Time for your current Time Zone.
Set Automatically Date & Time
This will ensure correction by your location's temporal condition until Apple's update.
Result-Residual RISK: Extremely Low RISK (Pending Update.)
High Value Users
Restricting the Camera ensures that this bug will not be triggered. High value users should considered this option when traveling. This can further be managed by using Configuration and Provisioning Profiles which includes the capability to configure Restrictions on iOS devices. Enterprise managers can manage restrictions using the iPhone Configuration Utility.