Apple iOS7 features yet another lock-screen bypass

In what is becoming a rather common occurrence, an iPhone user, this time in Spain, found a glitch that let him get past the screen without a password. He promptly filmed a video and sent it to Forbes, which re-made the film and loaded it online.

Threatpost breaks down the steps:

“From the video, it appears that new platform lets users access a wider array of features from the lock-screen than in previous versions. One of those features is the device’s calculator, which can be accessed through an up-swipe menu while the device is still locked. In the demo, [the user] accesses the calculator, then runs his finger up the screen to bring the up-swipe menu back. He then accesses the phone’s camera as if to take a picture, which is possible in previous iOS versions. However, unlike previous versions, he can now access all of the photos as well. Once he has access to the individual photos he can scroll back to the full camera roll, and…access, delete, email, upload or tweet the device’s photos without knowing its passcode.”

Of course, this isn’t Apple’s first dance with lock-screen bypass bugs. A bug in iOS 6.1 allows a hacker with physical access to an iPhone 5 to bypass the screen to gain access to the phone app and place calls, listen to voice mails and view photos in the contacts section.

Apple patched that bug in March, but in the process, introduced another screen bypass issue. Just one day after Apple’s bug-fixing new iOS 6.1.3 was released, a new lock screen bypass was revealed, this time requiring a paperclip to eject the SIM card at precisely the right moment.

The process is to make a call using Voice Control, but to eject the SIM card as soon as the device starts dialing. Once the SIM is ejected, the phone abandons the call – but crucially leaves the iPhone app open along with access to voicemail, contacts, photos and video, and outgoing phone calls.

iOS 7 is slated for public release this fall, and despite the lock-screen issue, which will likely be fixed before it exits beta, it does feature additional security, including Activation Lock, which protects lost and stolen devices from factory resets – a thief’s favorite trick. With iOS 7, a user must enter his or her Apple ID and password in order to perform the reset.

“So, hundreds of millions of use Find My iPhone to find our phone when it's just lost in the couch, or maybe left at Starbucks, but also when it's been stolen,” said Craig Federighi, Apple presenter, at WWDC. “And now, with Activation Lock, if a thief tries to turn off Find My iPhone, or if they even wipe the device entirely, they will not be able to reactivate it because they don't know your iCloud user name and password. We think this is going to be a really powerful theft deterrent.”

iOS7 also includes iCloud Keychain, a 1Password-like feature that will remember passwords and credit cards and sync them across iDevices for logging into websites and online services. It uses 256-bit AES encryption.

What’s Hot on Infosecurity Magazine?