Another lock screen bypass reported in iOS 7

Summary: iOS 7.0.2, which was released in order to fix one lock screen bypass bug, has been reported vulnerable to another one.

Less than a week after the release of iOS 7.0.2, the purpose of which was to fix a lock screen bypass, Cult of Mac is reporting another such bypass, which they claim was actually added with the update.

The procedure for the bypass is complicated and requires a second device:

  1. Call another device you have nearby from a locked iPhone using Siri or voice control
  2. Tap the FaceTime button
  3. When the FaceTime app appears, hit the sleep/wake button
  4. Unlock the iPhone again
  5. Answer the call on the other device, then immediately end it
  6. After a few seconds, you’ll be taken to the Phone app

While it's complicated and you can't deviate much from the above script, Cult of Mac calls it a serious vulnerability, and it probably is. It makes it reasonable to presume that there are still other, perhaps simpler, bypasses available.

There is also a video demonstration which mostly shows how complicated the procedure is.

Topics: Security, Apple, iPhone, iPad, Mobility

Talkback

5 comments
  • isn't it great to be popular

    Hackers will keep them busy fixing their crown jewel. It seems some of those jewels were just pasted on after all. Doh!
    greywolf7
  • Glad they have the super mega secure

    .... fingerprint scanner :)

    It's like locking the titanium thick door and leaving the window open.
    AleMartin
  • No, it doesn't make one presume at all that there

    are simpler bypasses available. In fact, it makes one presume just the opposite. Or did you think the hackers started with the most complex scenarios they could think of and then worked toward simpler ones?
    baggins_z
    • Attacks

      Not necessarily simpler but certainly leaves one wondering about how many other attack vectors there are still - especially since it appears Apple continues to use retail customers as beta testers
      archangel9999
  • Again?

    I wouldn't touch a fingerprint scanner in general and this is another reason why.
    Gisabun