Familiar passcode flaw discovered in iOS 7


A familiar little flaw in Apple's iOS 6 that allowed users to bypass the passcode lock screen has reappeared in iOS 7, making it the first significant vulnerability discovered in the mobile operating system that was released on Wednesday.

The bypass – which Apple has said it is aware of and working to fix – has been replicated by users on iPhone and iPad devices. It was discovered by Jose Rodriguez, who gained fame in the past for finding ways to slip past Apple's iOS security protocols for lock screens. He demonstrated the bug on YouTube.

It works by swiping up on the lock screen to bring up the Control Center, a feature new to iOS 7. From there, open up the alarm clock. Next, hold the sleep button until the power off option comes up, and then hit cancel while double-clicking the home button. The final click must be held a little longer for the exploit to work.

Doing all that will bring up the multitasking screen. Notably, this allows access to the camera and to photos stored on the device, which hijackers can share via email, Twitter, Facebook, Flickr and the like – ultimately compromising those accounts.

Until Apple releases a fix, a temporary solution is to disable access to the Control Center while the device is locked. This change can be made in device "settings."
