iOS 7 lockscreen bypass bug only works when stars align

Jun 10, 2014
0
iOS 7 lockscreen bypass bug only works when stars align

Yes, there is yet another lock screen bug on iOS 7, discovered just days after iOS 8 was unveiled. But while this bypass can get you access to one, yes just one, app in 5 seconds, if you're fast enough, it can only really be triggered if certain conditions are present.

First, you need to have a missed call in your Notification Center. Second, you need to have access to Control Center enabled from the lock screen, which some who have experienced the first iOS 7 lockscreen bypass last year might have disabled. If those two prerequisites, are present, the process is quite simple. Once in the lock screen, simply bring up Control Center, turn on Airplane Mode, slide down Notification Center, and tap on the missed call notification. This will trigger a popup dialog that will also bring up the last app that was used.

There is one major limitation to this bug, aside from the preconditions. Users who try out this security loophole will only be able to access the last app that was used before the device was locked. That might not be a big deal, but, depending on what app that was, it could potentially leak out personal or sensitive data. Pressing the Touch ID button, fortunately, will bring you back to the lock screen.

This bypass is amusing in its simplicity, convoluted mechanics, and the fact that it has escaped the eyes and fingers of Apple's QA team. It's not like this is the first lockscreen bypass that is directly related to the Control Center. Last year, just after iOS 7 was released, a lockscreen bypass was also encountered that exploited the ability to summon Control Center from the lock screen. That was immediately fixed so it is a bit surprising to see another one so late in the game.

As before, the only fix is to disable access to Control Center from the lockscreen. Last time, Apple was fast to respond to that previous bypass, but that was when iOS 7 was still new and had much to prove. So far Apple has been silent but the bug is still quite new so we cannot fault them for that just yet. Luckily, iOS 8 seems immune to that vulnerability, but the next iOS version is still a few months away from making a difference in this regard.

VIA: 9to5Mac


Must Read Bits & Bytes