Apple's Control Center used to bypass iOS 7 passcode lock [u]

Posted in General Discussion, edited April 2014
A security hole has been reported in iOS 7 in which Apple's Control Center, along with some quick finger work, can be used to bypass a passcode-protected lock screen on an iPhone or iPad, granting access to Mail, Photos, Twitter and more.



The exploit, discovered by Jose Rodriguez on Thursday, takes a bit of finesse to get right, though we have independently verified that it works. It is somewhat reminiscent of a lock screen bug in iOS 6.1 that allowed access to Contacts, Photos and Voicemail by using a complex string of commands including the emergency call feature.

As reported by Fortune, the recently discovered vulnerability involves Control Center, a new feature in iOS 7 that gives users quick access to commonly used apps and commands.

First, a nefarious user must invoke Control Center by swiping up from the bottom of a locked iPhone or iPad's lock screen. From there, the Clock app can be opened even without a passcode. Holding down the power button will bring up the shut-off pane. The next part is tricky, though manageable with practice: instead of swiping to power down the device, Cancel is selected, followed quickly by one short and one long press of the home button. The device enters the iOS 7 multi-tasking view and from there Mail, Photos and Twitter can be accessed.

The exploit can be defeated by simply disabling Control Center on the lock screen, though this somewhat hampers the new iOS 7 capability. It should also be noted that access is only granted to apps that were open prior to locking the device, and the titles affected by the bypass are limited. For example, Safari cannot be opened from the multi-tasking view.

We tested the bug on both the iPhone 5 and third-generation iPad, and while it took a few tries, the process does work.

Apple will most likely patch the issue in an upcoming software update.

Update: Apple has confirmed to AllThingsD that a fix is in the works and will be included in a future update. No estimated release date was given.
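
On managed devices, the mitigation described above (turning off Control Center on the lock screen) is expressed as a key in a configuration profile's Restrictions payload. The following is an added example, not part of the original article: a Python audit that reads a profile and reports which lock-screen surfaces remain reachable. The sample profiles and their identifiers are constructed, and the keys other than Control Center go beyond the case the article covers.

```python
import plistlib

# Restrictions-payload keys that govern what is reachable from a locked device.
# A key that is absent from the profile leaves the feature allowed.
LOCK_SCREEN_KEYS = {
    "allowLockScreenControlCenter": "Control Center",   # the article's case
    "allowLockScreenNotificationsView": "Notifications view",
    "allowLockScreenTodayView": "Today view",
    "allowAssistantWhileLocked": "Siri",
}
RESTRICTIONS_TYPE = "com.apple.applicationaccess"


def audit_profile(profile_bytes):
    """Map each lock-screen surface to True if it stays reachable while locked."""
    profile = plistlib.loads(profile_bytes)
    exposed = {name: True for name in LOCK_SCREEN_KEYS.values()}
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != RESTRICTIONS_TYPE:
            continue
        for key, name in LOCK_SCREEN_KEYS.items():
            # Assumption: an explicit false in any payload disables the surface.
            if payload.get(key) is False:
                exposed[name] = False
    return exposed


def make_profile(restrictions):
    """Build a constructed sample profile; identifiers are placeholders."""
    payload = {"PayloadType": RESTRICTIONS_TYPE,
               "PayloadIdentifier": "example.invalid.restrictions",
               "PayloadVersion": 1}
    payload.update(restrictions)
    return plistlib.dumps({"PayloadType": "Configuration",
                           "PayloadIdentifier": "example.invalid.profile",
                           "PayloadVersion": 1,
                           "PayloadContent": [payload]})


if __name__ == "__main__":
    samples = {"no restrictions": make_profile({}),
               "hardened": make_profile({"allowLockScreenControlCenter": False})}
    for label, data in samples.items():
        open_surfaces = [n for n, on in audit_profile(data).items() if on]
        print(f"{label}: reachable while locked -> {', '.join(open_surfaces)}")
```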

Comments

  • Reply 1 of 53
    moxom (Posts: 326, member)
    How the heck do people discover these sort of things?!?! o_O
  • Reply 2 of 53

    Yep, right on cue for the next 'scandal' to bring AAPL down. 

  • Reply 3 of 53
    rogifan (Posts: 10,669, member)
    Yep, right on cue for the next 'scandal' to bring AAPL down. 
    It would help if the rumor sites didn't plaster them on the front page to get more page views.
  • Reply 4 of 53

    Glad they found it now...early in the release. On to the next one.

  • Reply 5 of 53
    Quote:
    Originally Posted by MoXoM
    How the heck do people discover these sort of things?!?! o_O

    People with a lot of free time lol

  • Reply 6 of 53
    I found a "bug" too. It is year 2013, and you still can't email a group from your iCloud from your iPhone. Attention to detail, huh?
  • Reply 7 of 53
    Doesn't work on iPad. It'll display the multitasking tray and previews for a few apps, but you can't access any of them.
  • Reply 8 of 53
    I don't use a passlock. I'm just careful with my stuff, don't need some annoying passcode that I always can read when people unlock their iPhone in public.

    Yet another gate.
  • Reply 9 of 53
    jungmark (Posts: 6,926, member)
    Omg omg! Scandalous headline: Apple's iOS 7 leaves users vulnerable to authorized access!!!!!!!!!!

    I see a 7.0.2 coming soon.
  • Reply 10 of 53
    mstone (Posts: 11,510, member)

    He probably found it weeks ago on the developer preview and waited for the general release in order to cause the most damage.

  • Reply 11 of 53
    mbchp wrote: »
    Doesn't work on iPad. It'll display the multitasking tray and previews for a few apps, but you can't access any of them.
    Tried it on my iPhone 4 and can get to the multitask screen but couldn't open mail or photos. Maybe it doesn't work on all iOS devices.
  • Reply 12 of 53

    Doesn't work on my iPhone 5. It displays the multitasking tray, however I cannot access any of the apps...

  • Reply 13 of 53
    maltz (Posts: 453, member)
    Quote:
    Originally Posted by PhilBoogie
    I don't use a passlock. I'm just careful with my stuff, don't need some annoying passcode that I always can read when people unlock their iPhone in public.

    Yet another gate.

    I'm sure that works fine if you're not prone to losing things.  But it wouldn't work so great against theft/robbery.

  • Reply 14 of 53
    mbchp wrote: »
    Doesn't work on iPad. It'll display the multitasking tray and previews for a few apps, but you can't access any of them.
    Same here on my iPhone 4S
  • Reply 15 of 53
    Quote:
    Originally Posted by PhilBoogie
    I don't use a passlock. I'm just careful with my stuff, don't need some annoying passcode that I always can read when people unlock their iPhone in public.

    Yet another gate.

    +1

    Life is too short to type 4 digits to access your phone 55 times a day. Maybe if I was the president, or a secret agent.. It would be a matter of national security if someone were to like, read my emails if they stole my phone.

  • Reply 16 of 53
    You can access the multitasking and the only thing you can do is closing apps...
  • Reply 17 of 53
    bill42 wrote: »
    +1
    Life is too short to type 4 digits to access your phone 55 times a day. Maybe if I was the president, or a secret agent.. It would be a matter of national security if someone were to like, read my emails if they stole my phone.
    Maybe if they came up with some kind of finger print scanner so I don't have to enter my passcode all the time, then I would turn it on :)
  • Reply 18 of 53
    The exploit can be defeated by simply disabling Control Center in the lock screen, though this somewhat hampers the new iOS 7 capability.

    Honestly....anyone wanting full protection and security should disable the control center from lock screen anyways as a thief could use it to turn on airplane mode and walk off without worry of "find my iPhone"

    I've said it before and I'll say it again...Apple should have a feature that adds the ability to require a passcode to enter airplane mode and/or shut off the device so that we can keep find my iPhone useful.

    Sure there is still the SIM card tray but at least they'd need time and the key to get to that.

    Anyone who agrees with me should do what I have done and SUBMIT THIS REQUEST TO APPLE AS A FEATURE
  • Reply 19 of 53
    Hm...Just tried it and it seems like you can only view the apps (and close them), but not open them. Still using the dev edition though, maybe the GM introduced the issue?
  • Reply 20 of 53
    Originally Posted by AppleInsider
    …take a bit of finesse to get right…

    Proof of meaninglessness. Nothing to see here.

    Except the subject-verb disagreement.
