How to Safeguard Your Device from iOS 7’s Lock Screen Bypass Bug

It's a simple setting, but you have to give up something cool in the bargain.

  • Share
  • Read Later

It doesn’t sound like much of an iOS 7 bug — swipe this way, launch such-and-such app, double-tap that button, slip iOS’s surly security bonds — but if you tend to believe the “lock” in Lock Screen ought to mean something, and you hold your device’s data as sacrosanct, I’d call it a doozy.

Before I tell you how to fix it, which is all of disabling a simple setting (though at some cost), let’s review the bug. Actually before that, I should point out Apple’s already vowed to fix this thing, telling Forbes it “takes security very seriously,” that it’s “aware of this issue” and that it’ll “deliver a fix in a future software update.” (One would assume post-haste.)

I’ve tested it on my iPhone 5 and can vouch that it is, indeed, a partial Lock Screen bypass, though how the fellow who reportedly discovered it did so, given the unlikelihood of anyone ever using their phone this way, is beyond me. Forbes notes the fellow found a Lock Screen bypass in iOS 6.1.3 last March, so he was probably digging when he unearthed this one. Imagine someone drudgingly stabbing buttons and swiping in procedural fashion, cataloging each sequence like brute-force cracking a password until managing to break something.

In this case, he locked his phone, swiped up to access iOS 7’s new slide-out Control Center, opened the Stopwatch app, dropped to the bottom menu and launched the Alarm app, held down the physical power button until the “slide to power off” prompt appeared (see how crazy this is?), tapped “cancel,” then stabbed the Home button twice, holding it slightly longer on the second press.

That takes you past the Lock Screen and into iOS’s new “what’s running” multitasking view, from which you can access running iOS apps, including the camera, thus allowing you to share your — or someone else’s — photos and videos, just as you would were the phone unlocked.

How do you prevent this from happening until Apple issues a fix? Simple:

1. Go to “Settings.”

2. Select “Control Center.”

3. Disable “Access on Lock Screen.”

That neutralizes the Control Center swipe gesture on the Lock Screen, thus ensuring no one can access it, though the sad words “including you” also belong in that sentence. Control Center access outside the Lock Screen is pretty awesome, so let’s hope Apple nips this one in the bud pronto.