Tag Archives: vulnerability

iOS 7 Lock Screen Vulnerability

A video about this process

Now that iOS 7 has finally been released, everyone can finally see what Apple has been highly touting since June. It has a new look, new functionality and it just runs more fluidly.

Day one has passed, now with day two upon us it has come to our attention that there is a massive weakness relating to the overall security of your Apple device. This vulnerability that many people are now talking about relates to the fact that an individual can now bypass the password protected lock screen.

It’s a fairly simple process, and I was able to get this to work on my iPad 4 easily. Just follow these simple steps:

1. Start up your device so that it is in the lock screen

2. Open the camera function, by swiping up on the camera icon located in the bottom right corner

3. Open the ‘photos’ screen (it’s the blank square located in the bottom right corner of the camera function), notice you cannot access your photos from here

4. Go back to the lock screen and open the control panel by swiping up on the bottom of the lock screen

5. Select the alarm clock function (clock icon on the right)

6. Once in the alarm clock, press and hold the ‘lock button’ located on the top of the device

7. It will ask if you want to power off your device

8. Here is the tricky part: select cancel, but almost immediately double click the ‘home button’ (the only physical button on the front of the device) the timing needs to be almost perfect

9. This will open the multi-tasking screen, and this is where you can access photos.

10. Once in the photo’s screen, the pictures can be uploaded to various places, like Facebook or Twitter for example. You can even e-mail whichever photo you want, obviously creating a massive privacy problem.

One way to avoid this vulnerability is to go into the settings page, click on ‘control center’, then turn off the ‘access on lock screen’ function. By default this is set to ‘on’, but turning this off eliminates this vulnerability. Until Apple releases a new update, this is the best way to avoid being breached. And for those wondering, it only affects iOS 7 users.