New iOS 7 flaw bypasses lock screen, allows attackers to make calls

If bypassing iOS 7's lock screen to gain access to photos and contacts is not enough, a new vulnerability will allow attackers to call their mates and tell them all about it.
Written by Michael Lee, Contributor

A new security flaw in iOS 7 allows attackers to make calls to any phone number while bypassing the mobile operating system's lock screen.

Karam Daoud posted a video of the process to YouTube two days ago, and alerted Forbes of the vulnerability.

The video shows Daoud entering a telephone number on the operating system's emergency dialler, which is usually restricted only to numbers used by emergency services, and repeatedly attempting to make the call. After several rejected attempts, the screen goes black, showing the Apple logo, while the call is made in the background.

According to Forbes, Daoud has already contacted Apple to make it aware of the vulnerability.

iOS 7's lock screen has been under close scrutiny after Canary Islands-based soldier Jose Rodriguez discovered that it could be bypassed to allow full access to the device's photos and contacts. A similar bug was reported in the beta version of iOS 7.

The latest version of the operating system still represents an overall improvement in mobile security though. It patches 80 security vulnerabilities, whereas iOS 6 patched 197 vulnerabilities.

Lock screen bypasses are not isolated to iOS. Samsung's TouchWiz software, which runs on top of Android, has its own flaws that allow attackers to bypass the lock screens on the Galaxy Note II and Galaxy S III.

Editorial standards