New iOS 7 vulnerability lets you bypass the lockscreen

20 September, 2013

The latest version of Apple's mobile operating system, iOS 7, is already avaiable to iPhone and iPad users and we now hear of the first (fairly significant) userland exploit. This one lets people bypass the phone's passcode lockscreen via the phone's new control center feature.

Many users have since confirmed the bug. To make use of the exploit, you swipe up from the lockscreen to access the new control center and open the alarm clock. You hold the power/lock button for while, which brings up the option to power it off. You cancel that but at this point you can double-tap the home button and open up the phone's multitasking screen, which gives you access to the camera and stored photos, as well any logged-in email and social networking accounts.

Here's a video showing off the exploit in action:

The trick requires a very specific double-tap on the home button, namely a short press followed by a long press.

An Apple spokesperson has since confirmed that the company is aware of the issue, and plans on fixing it by means of a software update.

This follows another reported leak which involves disabling the "Find my iPhone" feature, even if the device is locked. Potential thieves can disable the location feature by enabling airplane mode via the Siri virtual assistant - accessible even through the lockscreen.

While you're waiting for a hotfix from Apple, you can eliminate the vulnerability by disabling access to the control center from your lockscreen via the settings menu.

Source 1 | Source 2