New iOS 7 flaw bypasses lock screen, allows attackers to make calls

Summary:If bypassing iOS 7's lock screen to gain access to photos and contacts is not enough, a new vulnerability will allow attackers to call their mates and tell them all about it.

A new security flaw in iOS 7 allows attackers to make calls to any phone number while bypassing the mobile operating system's lock screen.

Karam Daoud posted a video of the process to YouTube two days ago, and alerted Forbes of the vulnerability.

The video shows Daoud entering a telephone number on the operating system's emergency dialler, which is usually restricted only to numbers used by emergency services, and repeatedly attempting to make the call. After several rejected attempts, the screen goes black, showing the Apple logo, while the call is made in the background.

According to Forbes, Daoud has already contacted Apple to make it aware of the vulnerability.

iOS 7's lock screen has been under close scrutiny after Canary Islands-based soldier Jose Rodriguez discovered that it could be bypassed to allow full access to the device's photos and contacts . A similar bug was reported in the beta version of iOS 7 .

The latest version of the operating system still represents an overall improvement in mobile security though. It patches 80 security vulnerabilities , whereas iOS 6 patched 197 vulnerabilities .

Lock screen bypasses are not isolated to iOS. Samsung's TouchWiz software, which runs on top of Android, has its own flaws that allow attackers to bypass the lock screens on the Galaxy Note II and Galaxy S III.

Topics: Security, Apple, iPhone

About

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.