Another iOS, another iPhone lockscreen bypass flaw.
Hackers have had a only few days to play around with Apple’s latest mobile operating system, iOS 7, but apparently that’s all the time one of them needed to find a flaw that can allow anyone to bypass the lockscreen on phones running the much-buzzed about operating system.
Jose Rodriguez, an iPhone user in Spain who has proven in the past he’s proficient at bypassing iPhone lockscreens, has posted a new video to YouTube under the guise of videosdebarraquito.
In the video Rodriguez demonstrates how anyone can break iOS 7’s lockscreen to get full access to a users’ photo gallery, email and more with a few quick swipes of the finger.
Rodriguez swipes up on the phone’s lockscreen to access the control center, opens the timer application and holds the phone’s top button as if he’s going to turn it off. Instead, he hits cancel and double clicks the home button to access the phone’s side scrolling multitask feature.
Like any lockscreen hack, sometimes it’s easier said than done. In the video Rodriguez describes the click on the home button as a double click but “the second click is slightly stretched,” suggesting the bypass may be trickier to nail down.
Once in though, an attacker can open the phone’s camera, view photos and even send tweets or Facebook messages from the phone’s photo gallery.
As the video winds down, Rodriguez also demonstrates the bypass on an iPad running iOS 7.
Rodriguez found a similar lockscreen bypass flaw earlier this summer in the beta version of iOS 7. That bypass, which also utilized the upswipe feature in correlation with the phone’s calculator application, was fixed in the official iOS 7 release on Wednesday.
The update also addressed yet another lockscreen flaw that Rodriguez discovered on iOS 6.1 back in February. In that crack, he made an emergency call and held down the power button on an iPhone 5 twice to gain access to the phone, its contacts, voicemail and photos.
When contacted about the operating system’s most recent lockscreen flaw, Apple pointed us to a statement by company spokeswoman Trudy Muller. The statement just happens to be identical to one also made by Muller in February following Rodriguez’s iOS 6.1 hack: “Apple takes user security very seriously. We are aware of this issue, and will deliver a fix in a future software update,” Muller said.
The lockscreen hack is just one problem that’s popped up with iOS 7’s new swipeable control center. Earlier this week astute iPhone users noticed that anyone can take a users’ phone and enable Airplane Mode without entering the passcode – and in turn render the Find My iPhone function useless.
Researchers at Cenzic also noticed this week that if a user has the iPhone’s personal assistant Siri set up on iOS 7 they can send messages, post to Twitter and Facebook and call any phone without entering the passcode as well.
These aren’t all bugs per se – they’re more like security oversights as they can be tweaked in the settings.
Until the next OS update concerned users can head to Settings > Control Center on their phone to toggle “Access on Lock Screen” off to prevent it from popping up for just anyone.
There’s been an ongoing back and forth dialogue this week regarding the security of iOS 7 and the latest iPhone’s fingerprint reader. While a group of hackers have pooled together money for anyone who can bust the new Touch ID mechanism on the iPhone 5S, it seems that with the latest lockscreen hack, if you’re skilled and patient enough, there could be an even easier way into the devices.