iOS 7 lock-screen bypass allows access to photos, contacts, social networking

Settle into your seats for the Return of the Lock-Screen Bypass, Part XVII: The iOS 7-ing. Once again, someon's figured out a way to access data from your iPhone or iPad without entering your lock code. (You do have a lock code, don't you?) As for what makes this time different from all other times, it's the first instance of a bug of this type in Apple's newest OS.

The trick was discovered by Jose Rodriguez, who also discovered similar bugs in iOS 6. In this case, it requires using the new Control Center feature to get into the Clock app, and then uses a bit of fleet-fingered dexterity to bring up the multitasking interface. From there, you'll see images of the other apps you recently had open, though most will have blank screens (pictured above). The only ones that can actually be brought to the foreground are those that Control Center can open, including the Calculator, Clock, and Camera.

Of them, the Camera app is the most worrying: Despite not having entered the PIN, somebody using this method can access all the pictures you've taken; they can also send such pictures to themselves via the Share pane, as well as see your contacts by trying to Message or email pictures. And as I confirmed myself, they can also post images to Twitter or Facebook.

Apple, for its part, has told multiple news outlets that it's aware of the bug, which it says will be fixed in a future release. Until then, if you're concerned about the bug, it's best to disable access to Control Center from your lock screen in Settings > Control Center.

Stay tuned for the next thrilling installment in the Lock-Screen Bypass series, sure to hit a tech news site near you soon.

Tags securityiPhonehardware systemssmartphonesmobile securitytabletsipod touchiPadAppleconsumer electronicsios 7

Comments

Comments are now closed

CSO Corporate Partners
  • f5
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Endpoint Management Solutions

Endpoint Security Management

Security Awareness Tip
Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.