iOS 7 Bug Lets Anyone Bypass iPhone’s Lockscreen To Hijack Photos, Email, Or Twitter
By Andy Greenberg
Forget the debate around the security or insecurity of the iPhone 5s’s
fingerprint reader. The latest version of the iPhone’s operating system
currently offers a gaping hole in its old-fashioned passcode lockscreen.
Jose Rodriguez, a 36-year-old soldier living in Spain’s Canary Islands,
has found a security vulnerability in iOS 7 that allows anyone to bypass
its lockscreen in seconds to access photos, email, Twitter, and more. He
shared the technique with me, along with the video above.
As the video shows, anyone can exploit the bug by swiping up on the
lockscreen to access the phone’s “control center,” and then opening the
alarm clock. Holding the phone’s sleep button brings up the option to
power it off with a swipe. Instead, the intruder can tap “cancel” and
double click the home button to enter the phone’s multitasking screen.
That offers access to its camera and stored photos, along with the ability
to share those photos from the user’s accounts, essentially allowing
anyone who grabs the phone to hijack the user’s email, Twitter, Facebook
or Flickr account.
I tested the technique on an iPhone 5 running iOS 7, and it worked.
Rodriguez’s video shows it working on an iPad, too. It’s not yet clear if
the same exploit can bypass the lockscreen of an iPhone 5s or 5c, but
Rodriguez tells me he believes it will. I’ve reached out to Apple for
comment and I’ll update this post if I hear from the company. Update: A
spokesperson from Apple tells me that the company “takes security very
seriously and we’re aware of this issue. We’ll deliver a fix in a future