Jailbroken Apple TV 2 Bug Lets User Access Stranger's Photostream Via MobileMe Account

[Phillip Swanson]

ModMyi user Brandyn Baker ran into an interesting Apple TV glitch that allows him to view a complete strangers photo stream.

Baker has his Apple TV 2 (firmware 4.4.4) Jailbroken using Seas0nPass like many of you. However, while attempting to sync his Mobile Me account he accidentally entered the wrong email address.

The thing is, the wrong one was someone else's and I can see all their pictures from photo stream! I tried it with some other original names and it worked again...

After numerous google searches I wasn’t able to find a topic or thread about this specific bug. A number of complaints surfaced from users unable to sync their MobileMe accounts with Apple TV, but none accidentally happened across someone else’s account entirely.

Apple has yet to respond to our emails regarding the bug.

Any other MMi members out there experience this bug? Has anyone been in contact with Apple about it?

Source: Brandyn Baker

[trialnterror]

Wow

[szr]

I assume this only allows one to view photos, but not actually edit anything.

[havoc0351]

I assume this only allows one to view photos, but not actually edit anything.

I sure hope so. This is one hell of a bug. I hope no one has any "private" pictures on their photo stream...

[kuhndsn]

Phillip Swanson 06:47 PM Today
"Apple has yet to respond to our emails regarding the bug".

Why would apple respond? Since the device is Jailbroken if they did respond it would be in the form of why they don't allow Jailbroken devices. Thus if this turns out to be true and was because of a JB tweak only supports their strong stance against JBing

No prob with mine. However, my apple tv is not Jailbroken

[Phillip Swanson]

Phillip Swanson 06:47 PM Today
"Apple has yet to respond to our emails regarding the bug".

Why would apple respond? Since the device is Jailbroken if they did respond it would be in the form of why they don't allow Jailbroken devices. Thus if this turns out to be true and was because of a JB tweak only supports their strong stance against JBing

No prob with mine. However, my apple tv is not Jailbroken

Thats the issue though, is this a bug because of the jailbreak or simply a MobileMe Apple TV bug. Most likely it is because of the jailbreak, but it still begs clarification.

[Gaijinboy]

Phillip Swanson 06:47 PM Today
"Apple has yet to respond to our emails regarding the bug".

Why would apple respond? Since the device is Jailbroken if they did respond it would be in the form of why they don't allow Jailbroken devices. Thus if this turns out to be true and was because of a JB tweak only supports their strong stance against JBing

No prob with mine. However, my apple tv is not Jailbroken

It's Apple's responsibility to protect personal iCloud info, whether it's from JB'd devices. UnJB'd devices, or anywhere really.

[Captinsmooth]

I think apple won't respond because its obvious the jailbreak is the cause of this breach. I also think its very irresponsible to be reporting this huge security flaw at modmyi, that's obviously due to the jail break. Its great, now people have to worry about there photo stream being accessed. What happen to Modmyi? There use to be a interest in protecting users, now its what ever news you can break.....

[msb2011]

Phillip Swanson 06:47 PM Today
"Apple has yet to respond to our emails regarding the bug".

Why would apple respond? Since the device is Jailbroken if they did respond it would be in the form of why they don't allow Jailbroken devices. Thus if this turns out to be true and was because of a JB tweak only supports their strong stance against JBing

No prob with mine. However, my apple tv is not Jailbroken

Why wouldnt they respond. They must i mean regardless of jailbreak no body should be able to acess someone else mobile me account. This is a huge security flow with apple.

I think apple won't respond because its obvious the jailbreak is the cause of this breach. I also think its very irresponsible to be reporting this huge security flaw at modmyi, that's obviously due to the jail break. Its great, now people have to worry about there photo stream being accessed. What happen to Modmyi? There use to be a interest in protecting users, now its what ever news you can break.....

This is protecting users. Now we know what do at least for short term so that some junky out there cant acess our private pics.

[Agent929]

Why would apple respond? Since the device is Jailbroken if they did respond it would be in the form of why they don't allow Jailbroken devices. Thus if this turns out to be true and was because of a JB tweak only supports their strong stance against JBing

That's bull. A security issue is still a security issue. If my information can be pulled onto somebody elses account, I would be pissed. It doesn't matter how they got it, Apple is suppose to secure my stuff.



Mr. Swanson....geez I really wouldn't have put that up there until the bug got fixed. Don't you think that will get users starting to try this? Which I may add is illegal??

[luvmytj]

I think apple won't respond because its obvious the jailbreak is the cause of this breach. I also think its very irresponsible to be reporting this huge security flaw at modmyi, that's obviously due to the jail break. Its great, now people have to worry about there photo stream being accessed. What happen to Modmyi? There use to be a interest in protecting users, now its what ever news you can break.....

Yeah, I gotta agree with you. Ya know everyone is on their jailbroken ATV's entering random emails now...

[brandyn baker]

i forgot to add that some of them had locked albums so ther IS a way to secure your pictures. and to the person that said its becuase i was jailbroken is wrong! i could do this without the jailbreak as well... so dont jump to conclusions bro!

you cant edit anything and if the user has a lock on the album you need the password, so there is a way to further protect yourself!

you cant acces them if your album has a password for the album!

[Lamppost]

Unless I'm missing something this is not a bug at all!
From the video it looks like all that's happening is viewing another user's public MobileMe galleries.
You can do this out of the box on an AppleTV, or on an iOS device using Apple's own Gallery app! So not so much a bug as an deliberate feature.
An nothing to do with iCloud's photostream.

[Delerowen]

Unless I'm missing something this is not a bug at all!
From the video it looks like all that's happening is viewing another user's public MobileMe galleries.
You can do this out of the box on an AppleTV, or on an iOS device using Apple's own Gallery app! So not so much a bug as an deliberate feature.
An nothing to do with iCloud's photostream.

Yeah what he said. After a bit of digging around myself, it's an apparent feature. You don't have to have mobileme to even be able to look at peoples photo. So while this may be little worrisome, it's nothing to worry about. It's just a feature of MobileME.

[bijju]

apple need to fix it fast or i would say goodbye to Mobile me or even apple new beta products

[recognition]

Yeah what he said. After a bit of digging around myself, it's an apparent feature. You don't have to have mobileme to even be able to look at peoples photo. So while this may be little worrisome, it's nothing to worry about. It's just a feature of MobileME.

Absolutly true, just go to the MobileMe gallery app on the app store and read the description,

and I quote...

"To view a friends gallery, simply choose their name from your contacts or enter their MobileMe member name and you'll get instant access to their PUBLICLY SHARED PHOTO'S, too."

Apple don't need to do anything, if you haven't set up your photo stream properly or are taking photos you don't want publicly shared you should be taking more care and reading the full description of the service!

People are just moaning because they're to lazy to read what the service actually does!

[AUZambo]

Interesting. I'll have to give it a shot.

*EDIT for 2 reasons:
1. Could the developers of this site please fix the bug that causes only one of the posts to show up when you click the article link from the main page? It doesn't happen all the time, but it happens frequently enough that it's annoying!

2. I guess I won't be giving it a shot since it appears to be a feature available to all ATV2 owners....which makes me wonder why Apple hasn't responded to questions about this with something like, "You big dummy. That's a feature built into the device, whether it's jailbroken or not."

[Raahem]

Bahahahahahhaha you're all stupid and gullible

l2put photos on private

[dz302]

Thats the issue though, is this a bug because of the jailbreak or simply a MobileMe Apple TV bug. Most likely it is because of the jailbreak, but it still begs clarification.

Your amazing Phil. Why would you think it "begs" clarification? The security issue is on only jb'n units and your holding
Apple accountable to research this? You emailed Apple and they have yet to answer you? lol Heads will roll at Apple
if corporate should find out you've been kept waiting. Painful Phil, very painful.

dz

[aaroncm]

Some people are so stupid.

It's Apples responsibility to fix an iCloud vulnerability. If a jailbroken ATV can access a non-jailbroken ATV's stream, then Apples at fault here, and needs to patch it up.

@people saying its jailbreakers fault.