Familiar passcode flaw discovered in iOS 7

Share this article:

A familiar little flaw in Apple's iOS 6 that allowed users to bypass the passcode lock screen has reappeared in iOS 7, making it the first significant vulnerability discovered in the mobile operating system that was released on Wednesday.

The bypass – which Apple has said it is aware of and working to fix – has been replicated by users on iPhone and iPad devices. It was discovered by Jose Rodriguez, who gained fame in the past for finding ways to slip past Apple's iOS security protocols for lock screens. He demonstrated the bug on YouTube

It works by swiping up on the lock screen to bring up the Control Center, a feature new to iOS 7. From there, open up the alarm clock. Next, hold the sleep button until the power off option comes up, and then hit cancel while double-clicking the home button. The final click must be held a little longer for the exploit to work.

Doing all that will bring up the multitasking screen. Notably, this allows access to the camera and to photos stored on the device, which hijackers can share via email, Twitter, Facebook, Flickr and the like – ultimately compromising those accounts.

Until Apple releases a fix, a temporary solution is to disable access to the Control Center while the device is locked. This change can be made in device "settings."

Share this article:

Sign up to our newsletters

More in News

Incapsula mitigates multi-vector DDoS attack lasting longer than a month

Incapsula mitigates multi-vector DDoS attack lasting longer than ...

Incapsula's scrubbing servers were able to filter out more than 50 petabits of malicious DDoS traffic aimed at a video game company for longer than a month.

UPS announces breach impacting 51 U.S. locations

The shipping and printing provider said malware has been present on some stores' computer systems since mid-January.

'Machete' espionage campaign targets orgs in Venezuela, Ecuador

The campaign targets Spanish speaking victims, which also appears to be the native language of attackers.