Lock Screen Flaw Allows Easy Bypass in iOS 7 - How To Protect Against It

A major security hole in iOS 7 has been discovered that allows people to bypass the screen lock on an iPhone or iPad. Apple said it is aware of the problem and will fix it in an unspecified future update, but there is something you can do in the meanwhile to protect your iOS device against this flaw.

The Flaw

The bypass was discovered by Jose Rodriguez, according to Forbes, who said he is a 36-year old soldier in Spain. Mr. Rodriquez's hobby has long been finding such bypasses in iOS 7 because his job as a driver gave him plenty of time to look for them.

In the video below, Mr. Rodriguez demonstrates the method. With the lock screen up, open Control Center by swiping up from the bottom of your screen. Tap the timer button to open the timer, then press and hold the power button on the top of your iPhone to put it to sleep.

That brings up the sleep option that allows you to swipe to put your device to sleep. If you tap Cancel, instead, and immediately double tap the home button, you are given access to the device's multitasking screen where you can access the camera app.

In the camera app, you can then use the camera and access the camera roll, meaning that the intruder can see every image on your iPhone or iPad. When viewing one of those images, the intruder can then share them via the usual methods: Mail.app, Facebook, Twitter, Flckr, iCloud, and SMS.

When sharing the image in such a fashion, the intruder can use all of the usual text-input methods to add whatever text message they might want to send from your iPhone and your account.

Here's Mr. Rodriquez's video:

 

I tested the method on a new iPhone 5s, and it worked exactly as shown by Mr. Rodriguez on his iPhone 4 or 4s. In his Forbes article, Andy Greenberg said he tested it on an iPhone 5, and many people have since tested it as the story spreads like wildfire.

Note that I found I was able to force running apps to quit from this screen, too.

Lock Screen Bypass

The Multitasking Switcher Screen in iOS 7

The Bad, The Good, and the Better

The bad news is that Jose Rodriguez said this is the last flaw he is planning on finding. Seems he got a new job that leaves him with less free time. Considering the fact that he was publicly disclosing these flaws instead of selling them to the bad guys, that bites. His hobby has resulted in a more secure iOS.

The good news is that Apple told Forbes that it, "takes security very seriously and we’re aware of this issue. We’ll deliver a fix in a future software update."

The better news is that you can protect against this by disabling Control Center access on your lock screen. To do so, go to Settings -> Control Center. On that screen, simply set "Access on Lock Screen" to off, as shown in the image below.

Control Center Access

Set Access on Lock Screen to Off

That keeps you and anyone else from being to access the Control Center from your Lock Screen, and I recommend doing so until Apple releases a fix for this issue.