iOS 7 lock screen bypass flaw allows full access to photos, contacts: Here's how to fix it


Summary: UPDATED 3: The iOS 7 lock screen can be bypassed with a series of gesture techniques. This major bug makes the entire device's contact data open for taking, as well as allowing photos to be edited, deleted, and shared with others.

(Image: Apple; Screenshot: ZDNet)

Editor's note: We have updated this piece, first published on September 19, following reports that this bug also allowed access to contact data. See below for updates.

Just one day after Apple's latest mobile operating system iOS 7 was released to the public, one user discovered a security vulnerability in the software's lock screen.

In a video posted online, Canary Islands-based soldier Jose Rodriguez detailed the flaw, which allowed him to access the multitasking view of the software without entering a passcode. With this, it's possible to access personal and sensitive data on the device, including contact details of others, as well as any photos or videos taken.

The video, replicated below, shows the sequence of presses and taps that makes this exploit possible, although it is fiddly and takes many attempts. The first step is to bring up the device's Control Center and access the Clock app, then hold down the power button until the on-screen prompt to shut down the device appears. After you hit cancel, immediately double-tapping the home button brings up the multitasking view as expected.

With this bug, it's possible to access an array of photos under the Camera Roll, and thus access to sharing features — including Twitter.

If the Camera app is opened first (provided it is accessible from the lock screen), by exploiting the same sequence of presses, the Camera Roll opens up. From here, images can be deleted, uploaded, edited, and shared with others. 

ZDNet confirmed this bug exists on an array of devices. In our New York newsroom, we tested on iOS 7 on an iPhone 4S, an iPhone 5, and the new iPhone 5c.

All devices were exploited in the same way with the lock screen bypass technique, and all devices acted in exactly the same fashion. 

These screenshots were taken of an iPhone 4S, giving access to photos and sharing features, despite being locked with a passcode. (Image: ZDNet)

Perhaps more concerningly, this bug also allows unfettered access to contact data — from the Contacts app — should one choose to share a photo via iMessage.

As soon as one writes a new message, adding a new contact allows complete and unrestricted access to contact details of friends, family members, and colleagues. Email addresses, phone numbers, and other personal and sensitive data can be accessed via this lock-screen flaw.

It is possible to access the entire device's contact list via this bug. (Image: ZDNet)

You can see in the video (below) that even though the multitasking view — which offers a much larger view than previous iOS iterations — is viewable, the contents of the apps are not visible.

iOS 7 blurs the contents of the apps, meaning would-be attackers cannot see what is going on. The only exception is the home screen, which is viewable, including which apps have been installed, along with the user's wallpaper.

Despite the flaw, iOS 7 patches 80 security vulnerabilities, according to ZDNet's Larry Seltzer. But this kind of flaw, albeit minor, may not install a vast amount of confidence in users already jarred by the new design and user interface.

Rodriguez also found a bug in iOS 6.1.3, which allowed potential hackers to access an iPhone running vulnerable software by ejecting the SIM card tray.

Until Apple issues an official fix, iOS 7 users can simply disable access to the Control Center on the lock screen. Open Settings, then Control Center. From here, switch off the Access on Lock Screen option so that Control Center no longer appears on the lock screen.

We put in a request for comment to Apple but did not hear back at the time of writing. An Apple spokesperson told AllThingsD, however, that the company is "aware" of the issue and will deliver a fix soon.

Update 1 at 4:15 p.m. ET: with additional details regarding the Camera app. Also added additional attribution to Forbes, which was mistakenly omitted from the original piece.

Update 2 at 5:40 p.m. ET on September 22: with additional details on access to contact data.

(via Forbes)



Talkback

  • While I didn't expect it to be that difficult...

    The first thing I did when setting up iOS 7 on my different devices was to disable it even before I heard of this 'flaw'. Personally, it should have been disabled by default.
    Vulpinemac
  • That didn't take long

    I wonder if this was just discovered or if it was previously known. I think there tends to be a number of flaws lurking around that people know about but haven't reported.
    greywolf7
    • You gotta sit here and wonder how long the guy

      sat there trying all sorts of combinations to see if he could bypass the lock screen. Still, that being said, Apple has a history of their lock screen being Swiss cheese.
      baggins_z
      • Bored Soldier

        Yup Mr Baggins, I was thinking exactly the same thing
        steve@...
  • OMG! EVIL APPLE INTENDED IT THAT WAY!

    Drum roll for all the people who are gonna post how awful Apple is and how they deserve to go out of business and how Google's (highly fragmented with nearly a 50% margin running versions 2-3 years old) Android and Windows (1% market share) Phone is superior in every way...

    Troll bait dropped and waiting with a beer in the boat :)

    Okay enough sarcasm for a day!

    This actually is a worthy security issue, and I hope they patch it in 7.0.1.

    I think my line just nudged a little...
    dragnn
    • Actually....

      Windows Phone has almost 4% these days... (and I'm one of those millions)
      DJK2
      • YAY!

        The more competition the better! I hope they keep improving their OS so the heat is on Apple and the Goog

        I'm also an Android user, I would cut you if you took my Nexus 7!
        dragnn
        • LOL...

          "I would cut you if you took my Nexus 7!"

          Pretty hard to do with your undies wedged up your a$$.

          LOL... Android dorks.

          It is to laugh.
          MacUeber@...
          • Oh boy... You're one of those 0_o

            FWIW, I have had a PB 15" in 2004 and since then I've own 3 Macbook Pros and 2 Macbook Airs, plus the original iPhone, 3G, 4, and 5....

            It's a$$hat Apple Fanboys like you that make the rest of us look bad! How about respecting what each party has brought to the table and enjoying the benefit of the competition?
            dragnn
          • How about not...

            "How about respecting what each party has brought to the table and enjoying the benefit of the competition?"

            Let's see, we should just completely ignore the fact that instead of inventing original products, they just wait for Apple to develop an excellent product, THEN they blatantly steal the concept, in form and function, right down to the icons.

            No, you go ahead and play around with the cheap Apple knock-offs. I'll stick to the original.

            It is to laugh...
            MacUeber@...
          • lol....at bitten apple user

            I have seen these transparent screens and the swiping functions in my Android 2.1 devices... you can even control the level of transparency.
            Anyway, I pity you for lacking a brain and shaking your head like sheep to your Apple shepherd (it's their design that they like, not you, babe), but it's not like that with Android... and now you are saying stolen... use your brain: who stole what?
            (After years of existence they copied the panorama effect and said it's new. Why can't Apple define a working app or give quick access to set a tone you want from music?) May God shed the light of knowledge on you folks... we call kids geniuses for the little things they do because that's what they are capable of... likewise for Apple.
            remoremo
          • Really

            Like Apple invented the mouse?
            My daughter upgraded to iOS7, you know what her most often repeated comment was? "It does x now, just like Android."
            jred
      • Windows Phone

        I am one of those millions also.
        lloydkuhnle@...
    • SHITE

      You talk SHITE my friend
      vlf126
  • No panic

    so far nobody reports electric shock
    keruzam
    • Yet

      *disclaimer : I do not encourage normal folks to abuse their devices. Abby Normals however .....
      rhonin
    • so far

      "so far nobody reports electric shock"

      reporting requires survival, or being found - give it a few days :)

      john-whorfin
  • Horrors...

    You meant to tell me if I lose my phone, and some miscreant bent on sowing ill-will and destruction finds it, he (or she... let's be fair) can find a way to delete and/or share my photos???
    Upon reading this, I can see the phone-thieves of the world fiendishly rubbing their hands together, and twisting their well-waxed handlebar mustaches in evil anticipation! "Finally! A way to delete someone else's phone-cam photos! Mwah ha ha ha!!"
    SbySW
    • That's bad

      If you have a collection of Anthony-Weiner photos on there. Unless Apple camera app censors those automatically.
      NotMSUser
    • Gott im Himmel!

      Someone who has physical access to my phone, and malicious intent, can delete my photos! Tell me this isn’t true!

      What’s really - I mean really, really - bad, is that it takes a swipe and a click to fix the “bug.”

      As someone who was not "jarred by the new design and user interface” (it just adds some nice new features to iOS 6, IMO), I agree that this “bug”:

      "may not install (sic) a vast amount of confidence..”

      To “install” confidence, my brain needs a full service pack: when it comes to _instilling_ confidence, this “bug” has no impact.

      (Certainly, this behaviour should have been disabled by default. However, it wouldn’t surprise me if Telcos could change this default remotely, but I’d have to check to be sure.)

      N.B. My YouTube video and blog will be carrying a thorough, 10,000 word description, analysis and interpretation of the implications of the (“a”?) bug in this article.

      In brief, the author has written “install” instead of “instill” - an error quite as serious as the iOS bug described here.
      Slurry