iOS 7 lock-screen bypass allows access to photos, contacts, social networking

  • Dan Moren (Macworld.com)
  • 20 September, 2013 15:09

Settle into your seats for the Return of the Lock-Screen Bypass, Part XVII: The iOS 7-ing. Once again, someone's figured out a way to access data from your iPhone or iPad without entering your lock code. (You do have a lock code, don't you?) As for what makes this time different from all other times, it's the first instance of a bug of this type in Apple's newest OS.

The trick was discovered by Jose Rodriguez, who also discovered similar bugs in iOS 6. In this case, it requires using the new Control Center feature to get into the Clock app, and then uses a bit of fleet-fingered dexterity to bring up the multitasking interface. From there, you'll see images of the other apps you recently had open, though most will have blank screens (pictured above). The only ones that can actually be brought to the foreground are those that Control Center can open, including the Calculator, Clock, and Camera.

Of them, the Camera app is the most worrying: Despite not having entered the PIN, somebody using this method can access all the pictures you've taken; they can also send such pictures to themselves via the Share pane, as well as see your contacts by trying to Message or email pictures. And as I confirmed myself, they can also post images to Twitter or Facebook.

Apple, for its part, has told multiple news outlets that it's aware of the bug, which it says will be fixed in a future release. Until then, if you're concerned about the bug, it's best to disable access to Control Center from your lock screen in Settings > Control Center.

Stay tuned for the next thrilling installment in the Lock-Screen Bypass series, sure to hit a tech news site near you soon.

Tags: security, iPhone, hardware systems, smartphones, mobile security, tablets, ipod touch, iPad, Apple, consumer electronics, ios 7
