iOS 7 bug lets intruders bypass iPhone's passcode, get access to Photos app
Following the release of iOS 7, a new security hole has been discovered that lets users bypass the passcode on any iOS device and gain access to the Photos app and subsequently to the user's email and social networking accounts.
A user named Jose Rodriguez has posted a video on YouTube demonstrating the security hack. Control center, the new settings and utility app shortcuts drawer that's included in iOS 7 can be used to bypass the passcode lock that allows users to protect their iPhones using a 4 digit code.
All that someone needs to do is to fire up the control center by swiping up from the bottom of the iPhone's lock screen and open the Camera app. Since the phone is locked the intruders would not be able to see anything when they open the Photos app through it. However, they can then launch the Clock app from the control center and hold the iPhone's power/ screen lock button till they see Slide to power off button at the top and Cancel button at the bottom. The intruders then simply need to tap on the Cancel button and quickly press the iPhone's Home button twice to fire up the multitasking menu, where the Camera app would appear (the other open apps would also appear but won't be accessible).
The intruders would be able to access the Photos app through the Camera app and get access to the user's Messages, Mail, Twitter, Facebook and Flickr accounts via the sharing menu.
The vulnerability was first reported by Forbes which was also able to reproduce the hack on an iPhone 5 and an iPad. We tried to reproduce the hack on an iPhone 5 running iOS 7, but were not successful.
Interestingly, it's very easy to prevent your iPhone from this hack. You can simply go to the Settings app, tap on Control Center and turn off 'Access on Lock Screen' option.
Apple has acknowledged the vulnerability and has said that it will deliver a fix in a future update. An Apple spokesperson told Forbes, " Apple takes security very seriously and we're aware of this issue. We'll deliver a fix in a future software update."
A user named Jose Rodriguez has posted a video on YouTube demonstrating the security hack. Control center, the new settings and utility app shortcuts drawer that's included in iOS 7 can be used to bypass the passcode lock that allows users to protect their iPhones using a 4 digit code.
All that someone needs to do is to fire up the control center by swiping up from the bottom of the iPhone's lock screen and open the Camera app. Since the phone is locked the intruders would not be able to see anything when they open the Photos app through it. However, they can then launch the Clock app from the control center and hold the iPhone's power/ screen lock button till they see Slide to power off button at the top and Cancel button at the bottom. The intruders then simply need to tap on the Cancel button and quickly press the iPhone's Home button twice to fire up the multitasking menu, where the Camera app would appear (the other open apps would also appear but won't be accessible).
The intruders would be able to access the Photos app through the Camera app and get access to the user's Messages, Mail, Twitter, Facebook and Flickr accounts via the sharing menu.
The vulnerability was first reported by Forbes which was also able to reproduce the hack on an iPhone 5 and an iPad. We tried to reproduce the hack on an iPhone 5 running iOS 7, but were not successful.
Interestingly, it's very easy to prevent your iPhone from this hack. You can simply go to the Settings app, tap on Control Center and turn off 'Access on Lock Screen' option.
Apple has acknowledged the vulnerability and has said that it will deliver a fix in a future update. An Apple spokesperson told Forbes, " Apple takes security very seriously and we're aware of this issue. We'll deliver a fix in a future software update."
Comments
Post a Comment