New iOS 7 flaw bypasses lock screen, allows attackers to make calls

Summary: If bypassing iOS 7's lock screen to gain access to photos and contacts is not enough, a new vulnerability will allow attackers to call their mates and tell them all about it.

TOPICS: Security, Apple, iPhone

A new security flaw in iOS 7 allows attackers to make calls to any phone number while bypassing the mobile operating system's lock screen.

Karam Daoud posted a video of the process to YouTube two days ago, and alerted Forbes to the vulnerability.

The video shows Daoud entering a telephone number on the operating system's emergency dialler, which is usually restricted only to numbers used by emergency services, and repeatedly attempting to make the call. After several rejected attempts, the screen goes black, showing the Apple logo, while the call is made in the background.

According to Forbes, Daoud has already contacted Apple to make it aware of the vulnerability.

iOS 7's lock screen has been under close scrutiny after Canary Islands-based soldier Jose Rodriguez discovered that it could be bypassed to allow full access to the device's photos and contacts. A similar bug was reported in the beta version of iOS 7.

The latest version of the operating system still represents an overall improvement in mobile security, though. It patches 80 security vulnerabilities, whereas iOS 6 patched 197 vulnerabilities.

Lock screen bypasses are not isolated to iOS. Samsung's TouchWiz software, which runs on top of Android, has its own flaws that allow attackers to bypass the lock screens on the Galaxy Note II and Galaxy S III.

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

Talkback

5 comments
  • 3 Flaws in two days

    But who's counting...
    greywolf7
  • Re: 3 flaws

    I wonder whether this one can be avoided by clicking a single setting on the Preferences page - like the first two?
    Slurry
  • Was the first “bug” even a bug?

    iOS 7 gives you the choice of taking (and deleting) photographs without unlocking the phone.

    Apple chose to set the default to “Yes - allow this phone to take & delete photos without unlocking” so it would work in exactly the same way as the billion cameras that are out there.

    However, because this camera has a phone and computer attached to it, everyone has been jumping up and down yelling “bug”!

    Was it a bug or an unpopular default setting?
    Slurry
    • That's actually slightly incorrect...

      Actually, when the phone is locked, you can only delete photos without unlocking the phone if you took them while the phone was locked. As soon as you exit the camera or press the lock button, those photos are no longer accessible until you unlock the phone.

      And why shouldn't you be able to take photos without unlocking the phone? It's for quick access. It comes in handy sometimes. And the iPhone is definitely not the only phone that lets you do that. I found most Android phones do too.
      jothousand
  • Re: That's actually slightly incorrect...

    Thanks for pointing that out. I chose the setting that disables the camera when my iPhone is locked, immediately after installing iOS 7. Because of this, I haven’t personally encountered the issue, or taken the time to investigate it, so your correction is well taken.

    I agree with your second paragraph. It was only when I pictured the iPhone as a camera (albeit with lots of other features) that it occurred to me that the "lock bug" reports were simply ludicrous. This position sounds like it's borne out by your observation about Android phones.
    Slurry