How to Safeguard Your Device from iOS 7’s Lock Screen Bypass Bug

It's a simple setting, but you have to give up something cool in the bargain.


It doesn’t sound like much of an iOS 7 bug — swipe this way, launch such-and-such app, double-tap that button, slip iOS’s surly security bonds — but if you tend to believe the “lock” in Lock Screen ought to mean something, and you hold your device’s data as sacrosanct, I’d call it a doozy.

Before I tell you how to fix it, which is all of disabling a simple setting (though at some cost), let’s review the bug. Actually before that, I should point out Apple’s already vowed to fix this thing, telling Forbes it “takes security very seriously,” that it’s “aware of this issue” and that it’ll “deliver a fix in a future software update.” (One would assume post-haste.)

I’ve tested it on my iPhone 5 and can vouch that it is, indeed, a partial Lock Screen bypass, though how the fellow who reportedly discovered it did so, given the unlikelihood of anyone ever using their phone this way, is beyond me. Forbes notes the fellow found a Lock Screen bypass in iOS 6.1.3 last March, so he was probably digging when he unearthed this one. Imagine someone drudgingly stabbing buttons and swiping in procedural fashion, cataloging each sequence like brute-force cracking a password until managing to break something.

In this case, he locked his phone, swiped up to access iOS 7’s new slide-out Control Center, opened the Stopwatch app, dropped to the bottom menu and launched the Alarm app, held down the physical power button until the “slide to power off” prompt appeared (see how crazy this is?), tapped “cancel,” then stabbed the Home button twice, holding it slightly longer on the second press.

That takes you past the Lock Screen and into iOS’s new “what’s running” multitasking view, from which you can access running iOS apps, including the camera, thus allowing you to share your — or someone else’s — photos and videos, just as you would were the phone unlocked.

How do you prevent this from happening until Apple issues a fix? Simple:

1. Go to “Settings.”

2. Select “Control Center.”

3. Disable “Access on Lock Screen.”

That neutralizes the Control Center swipe gesture on the Lock Screen, thus ensuring no one can access it, though the sad words “including you” also belong in that sentence. Control Center access outside the Lock Screen is pretty awesome, so let’s hope Apple nips this one in the bud pronto.

14 comments
benowak13

I found another bug today...I'm sure other people have found this out too but when you're on the lock screen and you use Siri and say find my friends...it will bring you into the find my friends app and then you just push the home button and bam you're in the phone...no password needed!!!

AjirohJemuran

please don't put airplane mode in control center..........

jahorowitz

My biggest problem is airplane mode in lock screen. It disables find my iphone and is a win for thieves.



KonradKaczor

Nice workaround to fix it. Thanks. I have tested and it took a couple of times (right timing) to work, but indeed, lock screen hack in iOS 7 is real and works... In my case it only allowed me to open camera app though, but that's bad enough as from there there is a shortcut to camera roll and all pictures.

czech12

Um, if you can get into the device when it's password protected, it's called a bug. It doesn't matter what you need to do to get around it.

Solarflere

also as a response to the nonbelievers, I'm a tech and I tried it dozens of times before it worked. But it did work.

Solarflere

another way of disabling the hack is to close the camera app before locking the phone. This way if you implement the hack, there is no active camera app to access the pictures

mr_bigten

>> total BS, tried it 100 times on the new IOS7, it does NOT work, no matter how slow or fast I hit the home button twice..why are you bashing AAPL (a US company), without proving your claim first,..worry about Chinese, government funded hacking instead.


KennyStrawn177

I'm guessing iOS 7.0.1 might be the fix...? Yup, since it's being tested internally already, that's probably right...

djtyral

I wasn't actually able to select any of the apps in the menu when I replicated this. So it lets you see what's installed, but I couldn't actually open or see anything in the apps, most were darkened out.

Ike_MG

@jahorowitz so does turning the phone off, makes no difference whether they include it in control panel or not.

mattpeckham moderator

@djtyral Did you get to the multitasking menu? The apps have to be open to be accessed, i.e. if Photos isn't already open, you can't get to it. But if someone has Photos open, it comes right up if you do the bypass trick, then slide over to it.

KonradKaczor

Poster is correct, I had many apps opened and this hack does not let me open them. However it works in camera app only. This is serious enough anyway as a potential 3rd person can get access to your photos and for example share them on social media using your own account configured in the phone. So nice fix in the article before Apple addresses it, thanks.

nicenissey

@mattpeckham @djtyral 

The multitasking menu was showing me all the apps open, but they were "greyed" out, i.e. nothing, no data.  As far as I'm concerned, there is no security bug.