Friday, 20 September 2013

iOS 7 Bug Lets Anyone Bypass iPhone's Lockscreen To Hijack Photos, Email, Or Twitter


Forget the debate around the security or insecurity of the iPhone 5s’s fingerprint reader. The latest version of the iPhone’s operating system currently offers a gaping hole in its old-fashioned passcode lockscreen.
Jose Rodriguez, a 36-year-old soldier living in Spain’s Canary Islands, has found a security vulnerability in iOS 7 that allows anyone to bypass its lockscreen in seconds to access photos, email, Twitter, and more. He shared the technique with me, along with the video above.


As the video shows, anyone can exploit the bug by swiping up on the lockscreen to access the phone’s “control center,” and then opening the alarm clock. Holding the phone’s sleep button brings up the option to power it off with a swipe. Instead, the intruder can tap “cancel” and double click the home button to enter the phone’s multitasking screen. That offers access to its camera and stored photos, along with the ability to share those photos from the user’s accounts, essentially allowing anyone who grabs the phone to hijack the user’s email, Twitter, Facebook FB +0.34% or Flickr account.
I tested the technique on an iPhone 5 running iOS 7, and it worked. Rodriguez’s video shows it working on an iPad, too. It’s not yet clear if the same exploit can bypass the lockscreen of an iPhone 5s or 5c, but Rodriguez tells me he believes it will. I’ve reached out to Apple for comment and I’ll update this post if I hear from the company. Update: A spokesperson from Apple tells me that the company “takes security very seriously and we’re aware of this issue. We’ll deliver a fix in a future software update.”
Rodriguez has a track record of finding lockscreen bypass bugs in iOS, many of which he says he dug up while killing time in his old job as a driver for government officials. “I had a lot of time to look at the scenery, break the phone or write poetry while waiting for my boss, and I don’t write poetry and already knew the landscape by heart,” he tells me via instant message and Google translate. So he spent hours “trying everything that goes through my head…I submit my iPhone to cruel methods of torture.”
Rodriguez found a trick to bypass the lockscreen of iOS 6.1.3 in March, and then another one in iOS 7 beta. Though that beta bug was fixed in later versions of iOS 7, Rodriguez was able to find a new one within an hour of downloading the latest iPhone operating system by adapting tricks that worked on iOS 5 and 6. (He also tells me that this will be his last “hunting trip” for iPhone lockscreen bugs, as he has a new office job that demands more of his time.)
The latest version of iOS patches 80 security vulnerabilities, according to a post on Apple’s security mailing list. Clearly the company’s security team also missed a big one.
Update: A reader points out that anyone hoping to avoid this vulnerability until Apple issues a fix can prevent control center from appearing on their lockscreen by accessing “settings,” then “control center.” Some users are also reporting the trick isn’t working on their phones and tablets, though it may just take a little finesse to figure out the timing.

No comments:

Post a Comment