iOS 7 Bug Leaves Lockscreen Vulnerable For Access

Hot on the heels of news that a crowdfunded competition aims to figure out if the fingerprint security implementation on Apple's iPhone 5s can be exploited comes news of a proven security risk, squarely involving iOS 7. The exploit specifically involves the lockscreen, the most common piece of security that stops some unauthorized individual from gaining access to anything important on your phone.

The "hack", if you want to call it that, is simple: Swipe up on the lockscreen to enter the control center, and then open the alarm clock. From there, hold the phone's sleep button to bring up a prompt that will ask you if you wish to shut down, but instead of doing that, hit the cancel option, and then tap the home button to access the phone's multi-tasking screen.

With access to this multi-tasking screen, anyone could try opening up what you've already had open on your phone. If you had Twitter open, for example, this person might be able to pick up where you left off and post on your behalf. Or, they could access the camera - and of course, every single photo stored on the phone. This is definitely what I'd consider a significant security risk.

Around the Web, there's proof that this exploit does in fact exist, with many users backing that up. However, there do seem to be limitations to what can be done once access is granted. Some apps still might not accessible, for example, and so far, there doesn't seem to be much rhyme or reason to what's accessible. What is a certainty though is the fact that Apple is sure to be rather quick in patching this bug up. I'm not sure I'd go as far as to call the bug "critical", but when someone can access your photos and Twitter with just a couple quick swipes and taps on the screen, it sure isn't minor.

Via:  Forbes
Comments
DJohnson1 one year ago

So lets tell everyone how to do it. Smart.

JLeBoeuf one year ago

you mean a website who's sole purpose is to inform people about hardware, informed people about hardware? The madmen!

Dave_HH one year ago

Heh... JLB, too funny. DJ, relax. It's public information now and don't you think it's a good idea to make it known so Apple can close the hole?

RWilliams one year ago

It's good to reveal information like this so that users of these devices can be aware of them. I'd rather be aware of a major exploit that plagues the phone I bring everywhere rather than be oblivious to it.

Plus, as Dave says, this assures a quick patch-up on Apple's part.

Sevags one year ago

I hate ios7 period! It's absolutely horrible I don't know what they were thinking did no one test this OS internally? Did no one stand up to the designer and say "hey you are making it cumbersome to use, oh and there is a lockscreen exploit"...

I love the iPhone for the software updates! I hate the iPhone for not allowing you to revert to previous versions!

Sevags one year ago

Ok so I can verify that the exploit works on my ip5 however once it opens up the multitasking not only do the tiles not show previews of what I have open (including my photos) but it doesn't let me click and only ANY of the tiles except for the alarm which I already had access to from the lockscreen. The only harm I am seeing is someone can see what apps I was using last... It's still needs fixing but im not saying any way to do anything bad or get any info from this exploit?

RWilliams one year ago

It's app-specific. I've read elsewhere that Twitter is accessible, as is the email client (and camera as mentioned in the post).

costinul_ala one year ago

it is good complement for the touch id ..

Sevags one year ago

RobW; ok so it does give you access to the camera app but not the opened my photos app but if the person had the camera open you can open it and go to all the photos from there... That is a very bad thing yes!!!!!! It doesn't give access to the mail client thank god, and luckily I don't use twitter.

I don't understand how users can find this exploit in a day but not apple after months of "testing"

Post a Comment
or Register to comment