Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Vulnerability Management, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Familiar passcode flaw discovered in iOS 7

A familiar little flaw in Apple's iOS 6 that allowed users to bypass the passcode lock screen has reappeared in iOS 7, making it the first significant vulnerability discovered in the mobile operating system that was released on Wednesday.

The bypass – which Apple has said it is aware of and working to fix – has been replicated by users on iPhone and iPad devices. It was discovered by Jose Rodriguez, who gained fame in the past for finding ways to slip past Apple's iOS security protocols for lock screens. He demonstrated the bug on YouTube

It works by swiping up on the lock screen to bring up the Control Center, a feature new to iOS 7. From there, open up the alarm clock. Next, hold the sleep button until the power off option comes up, and then hit cancel while double-clicking the home button. The final click must be held a little longer for the exploit to work.

Doing all that will bring up the multitasking screen. Notably, this allows access to the camera and to photos stored on the device, which hijackers can share via email, Twitter, Facebook, Flickr and the like – ultimately compromising those accounts.

Until Apple releases a fix, a temporary solution is to disable access to the Control Center while the device is locked. This change can be made in device "settings."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.