
Apple's Control Center used to bypass iOS 7 passcode lock [u]

post #1 of 52
Thread Starter 
A security hole in iOS 7 has been reported in which Apple's Control Center, along with some quick finger work, can be used to bypass a passcode protected lock screen on an iPhone or iPad running iOS 7, granting access to Mail, Photos and Twitter, and more.



The exploit, discovered by Jose Rodriguez on Thursday, take a bit of finesse to get right, though we have independently verified that it works. It is somewhat reminiscent of a lock screen bug in iOS 6.1 that allowed access to Contacts, Photos and Voicemail by using a complex string of commands including the emergency call feature.

As reported by Fortune, the recently discovered vulnerability involves Control Center, a new feature in iOS 7 that gives users quick access to commonly used apps and commands.

First, a nefarious user must invoke Control Center by swiping up from the bottom of a locked iPhone or iPad's lock screen. From there, the Clock app can be opened even without a passcode. Holding down the power button will bring up the shut-off pane. This next part is tricky, though is manageable with practice. Instead of swiping to power down the device, cancel is selected, followed quickly by one short and one long press of the home button. The device enters the iOS 7 multi-tasking view and from there Mail, Photos and Twitter can be accessed.

The exploit can be defeated by simply disabling Control Center in the lock screen, though this somewhat hampers the new iOS 7 capability. It should also be noted that access is only granted to apps open prior to locking the device, and the titles affected by the workaround are limited. For example, Safari cannot be opened from the multi-tasking view.

We tested the bug on both the iPhone 5 and third-generation iPad, and while it took a few tries, the process does work.

Apple will most likely patch the issue in an upcoming software update.

Update: Apple has confirmed to AllThingsD that a fix is in the works and will be included in a future update. No estimated release date was given.
post #2 of 52
How the heck do people discover these sort of things?!?! o_O
post #3 of 52

Yep, right on cue for the next 'scandal' to bring AAPL down. 

post #4 of 52
Quote:
Originally Posted by monstrosity View Post

Yep, right on cue for the next 'scandal' to bring AAPL down. 
It would help if the rumor sites didn't plaster them on the front page to get more page views.
Edited by Rogifan - 9/19/13 at 2:35pm
post #5 of 52

Glad they found it now...early in the release. On to the next one.

post #6 of 52
Quote:
Originally Posted by MoXoM View Post

How the heck do people discover these sort of things?!?! o_O

 

People with a lot of free time lol

post #7 of 52
Doesn't work on iPad. It'll display the multitasking tray and previews for a few apps, but you can't access any of them.
post #8 of 52
I don't use a passlock. I'm just careful with my stuff, don't need some annoying passcode that I always can read when people unlock their iPhone in public.

Yet another gate.
I’d rather have a better product than a better price.
post #9 of 52
Omg omg! Scandalous headline: Apple's iOS 7 leaves users vulnerable to authorized access!!!!!!!!!!

I see a 7.0.2 coming soon.
post #10 of 52

He probably found it weeks ago on the developer preview and waited for the general release in order to cause the most damage.

Life is too short to drink bad coffee.

post #11 of 52
Quote:
Originally Posted by mbchp View Post

Doesn't work on iPad. It'll display the multitasking tray and previews for a few apps, but you can't access any of them.
Tried it on my iPhone 4 and can get to the multitask screen but couldn't open mail or photos. Maybe it doesn't work on all iOS devices.
post #12 of 52

Doesn't work on my iPhone 5. It displays the multitasking tray, however I cannot access any of the apps...

post #13 of 52
Quote:
Originally Posted by PhilBoogie View Post

I don't use a passlock. I'm just careful with my stuff, don't need some annoying passcode that I always can read when people unlock their iPhone in public.

Yet another gate.

 

I'm sure that works fine if you're not prone to losing things.  But it wouldn't work so great against theft/robbery.

post #14 of 52
Quote:
Originally Posted by mbchp View Post

Doesn't work on iPad. It'll display the multitasking tray and previews for a few apps, but you can't access any of them.
Same here on my iPhone 4S
post #15 of 52
Quote:
Originally Posted by PhilBoogie View Post

I don't use a passlock. I'm just careful with my stuff, don't need some annoying passcode that I always can read when people unlock their iPhone in public.

Yet another gate.

 

+1

Life is too short to type 4 digits to access your phone 55 times a day. Maybe if I was the president, or a secret agent.. It would be a matter of national security if someone were to like, read my emails if they stole my phone.

post #16 of 52
You can access the multitasking and the only thing you can do is closing apps...
post #17 of 52
Quote:
Originally Posted by bill42 View Post

+1
Life is too short to type 4 digits to access your phone 55 times a day. Maybe if I was the president, or a secret agent.. It would be a matter of national security if someone were to like, read my emails if they stole my phone.
Maybe if they came up with some kind of finger print scanner so I don't have to enter my passcode all the time, then I would turn it on :)
post #18 of 52
Quote:
Originally Posted by AppleInsider View Post

The exploit can be defeated by simply disabling Control Center in the lock screen, though this somewhat hampers the new iOS 7 capability.

Honestly....anyone wanting full protection and security should disable the control center from lock screen anyways as a thief could use it to turn on airplane mode and walk off without worry of "find my iPhone"

I've said it before and I'll say it again...Apple should have a feature that adds the ability to require a passcode to enter airplane mode and/or shut off the device so that we can keep find my iPhone useful.

Sure there is still the SIM card tray but at least they'd need time and the key to get to that.

Anyone who agrees with me should do what I have done and SUBMIT THIS REQUEST TO APPLE AS A FEATURE
post #19 of 52
Hm...Just tried it and it seems like you can only view the apps (and close them), but not open them. Still using the dev edition though, maybe the GM introduced the issue?
post #20 of 52
Originally Posted by AppleInsider View Post
…take a bit of finesse to get right…

 

Proof of meaninglessness. Nothing to see here.

 

Except the subject-verb disagreement.

Originally Posted by Marvin

The only thing more insecure than Android’s OS is its userbase.
post #21 of 52
Quote:
Originally Posted by nitos30z View Post

Maybe if they came up with some kind of finger print scanner so I don't have to enter my passcode all the time, then I would turn it on :)

 

Dude, let's stay with reality here and not wander into the realms of science fiction!

There's nothing your wife/girlfriend/partner wouldn't like more than your 6 Plus...
post #22 of 52
Quote:
Originally Posted by Rogifan View Post


It would help if the rumor sites didn't plaster them on the front page to get more page views.

No, no. You don't understand how this works.  IF no one talks about it, then no fix is made.  Those who know the exploit, will continue to use it unnoticed.  The way to prevent this is to do exactly what the media/Apple Insider/AllThingsD has done...Spread the word. 

[Forum Signature]  I have no signature.  [Forum Signature]

post #23 of 52
Quote:
Originally Posted by StephanJobs View Post

Honestly....anyone wanting full protection and security should disable the control center from lock screen anyways as a thief could use it to turn on airplane mode and walk off without worry of "find my iPhone"

I've said it before and I'll say it again...Apple should have a feature that adds the ability to require a passcode to enter airplane mode and/or shut off the device so that we can keep find my iPhone useful.

Sure there is still the SIM card tray but at least they'd need time and the key to get to that.

Anyone who agrees with me should do what I have done and SUBMIT THIS REQUEST TO APPLE AS A FEATURE

Oh sh¡t, I didn't notice that. Apple should put pass code on airplane mode.. Or remove it from control center when you are in lock screen but not on home screen... This will disable the GPS for find my iPhone....

Sent from my iPhone

Please excuse my lame English grammar. American Sign Language is my first language and English's the second.
Tallest Skill, you can edit my English grammar for me. My English grammar sucks! lol

post #24 of 52
Having Control Center on the lock screen is kind of risky. A thief who steals an iPhone can quickly change the phone to aircraft mode and make it undetected.
post #25 of 52
Quote:
Originally Posted by jkshankx View Post

Having Control Center on the lock screen is kind of risky. A thief who steals an iPhone can quickly change the phone to aircraft mode and make it undetected.

 

Yeah, but then what?  It's pretty useless in airport mode forever, and they can't wipe it or reactivate it without being connected to the net and entering your Apple ID credentials.  True, they have access to your data in the mean time, if the phone isn't locked, but that isn't what most thieves are after.  And if the phone is locked, once this bug is fixed, they won't even have that.  They'll just have a useless iPhone they can't take out of airport mode for risk of it wiping and locking itself.  lol

post #26 of 52
Quote:
Originally Posted by jungmark View Post

Omg omg! Scandalous headline: Apple's iOS 7 leaves users vulnerable to authorized access!!!!!!!!!!

I see a 7.0.2 coming soon.
iOS 8 coming ASAP
post #27 of 52
Tried on a 4s, can get to the multitasking screen, but not into any of the mentioned apps, the bug might only be functional within a certain time period after locking the device.
post #28 of 52
Quote:
Originally Posted by MoXoM View Post

How the heck do people discover these sort of things?!?! o_O

No Job and too much time....
post #29 of 52
There's also a 'distraction' made by programmers or UI designers: if Control Center is set up to appear on locked screen, everyone can activate the airplane mode, disabling all signal functions including wi-fi.

In this case, if the phone is stolen and despite another person will need the Apple ID to reset the phone, it clearly appears that Find my phone will not work with disabled wi-fi, making impossible to find out where the phone is.
post #30 of 52
Quote:
Originally Posted by AppleBuggDalek View Post


Same here on my iPhone 4S

 

The first time I tried this I got through but subsequent attempts all failed. In fact, on my last couple of tries I couldn't even get to the multitasking tray. I doubt that IOS7 can learn to "heal" itself...or can it? 😨

"You can't fall off the floor"   From 128k Mac to 8GB MBP

post #31 of 52

There is no surprise that new iOS has bugs and problems. It always does. Hopefully, iOS 7 won't have as many of them as iOS 6 had.

post #32 of 52
Quote:
Originally Posted by waybacmac View Post

The first time I tried this I got through but subsequent attempts all failed. In fact, on my last couple of tries I couldn't even get to the multitasking tray. I doubt that IOS7 can learn to "heal" itself...or can it? 😨
Strange about the healing itself… the first time I opened the camera app, the flash option text would overlay over the HDR option text. Reminded me of a weird HTML reflow problem. Was going to document it and send it to apple, but when I reopened camera, it had fixed itself.
"We have been taught to believe that negative equals realistic and positive equals unrealistic."
-Susan Jeffers
post #33 of 52
Quote:
Originally Posted by CatherineM View Post
 

There is no surprise that new iOS has bugs and problems. It always does. Hopefully, iOS 7 won't have as many of them as iOS 6 had.

 

That reminds me of a book I had back when I started as a programmer (several decades ago) about writing quality C code. The first sentence in the book read something like "When IBM releases its next version of its mainframe operating system it will contain 1,000 bugs. How do we know this? Because every release fixes all the bugs in the previous release."

 
As long as humans write software, as in every other endeavour, it will contain flaws. The right response is, where possible, to address them when they are found. That's generally easy in software at least ...
post #34 of 52
I can't seem to do it.
post #35 of 52
Nope. I got it now.
post #36 of 52
Quote:
Originally Posted by Maltz View Post
 

 

I'm sure that works fine if you're not prone to losing things.  But it wouldn't work so great against theft/robbery.

 

It would once you get back to a computer and use "Find my iPhone", which you can then lock down.   I don't use a passcode on my iPhone5 either.  But if I bought a new phone with the fingerprint ID, I would use that.

 
Besides, what exactly would a thief do with my phone (aside from wiping and reselling it)?    They can make a lot of phone calls, but it's unlikely in the first few days before I shut the account down that they would exceed my limit.   They can use a lot of data, but I still have an unlimited plan.    They can send out mass emails (although that's a bit hard to do with a phone) using my email address, but people already do that without having my phone.   They can send out nasty emails to my address list, but people would immediately know it's not really me.   For most other posting sites, they would have to know my password.     For any e-commerce or banking sites, they would have to know my passwords.
 
So aside from the annoyance of having to pay full price to replace the phone, I don't see what the big security risk really is.       
post #37 of 52
Quote:
Originally Posted by KiltedGreen View Post
 

Because every release fixes all the bugs in the previous release."

If only that were true.   That wasn't true for IBM, it's not true for Microsoft and it's not true for Apple (or anyone else).   I think at one time, Windows was reputed to have 50,000 bugs in it.

 

Frankly, even though this bug was found pretty quickly, it's a pretty obscure bug. I really don't know how it would become part of anyone's test scenarios. So it doesn't really bother me. But what does bother me is when you have very obvious bugs that are found pretty quickly. And when you have hundreds of postings on Apple's site about the same problem and Apple doesn't seem to address it, I find that problematic as well.

 

Overall, I'd say Apple has done pretty well.     But we all know of bugs that have never been fixed.

post #38 of 52

These sort of security problems come up all the time. Best not to store any personal things on the phone. I don't worry much if I lost my iPhone or it got stolen. All the contacts are nicknamed. No personal info at all. All emails are for spam only. Fake Apple ID. Fake FB acct. Fake Twitter acct. Yeah, the thief can call the people on my contact list and ask them about my name if he dares to do that. All sensitive info is encrypted and uploaded to iCloud and deleted on the iPhone. I know, changing passwords and maybe setting up new accts will be a hassle if I really lose my iPhone.

post #39 of 52
Quote:

Originally Posted by Maltz View Post

Yeah, but then what?  It's pretty useless in airport mode forever, and they can't wipe it or reactivate it without being connected to the net and entering your Apple ID credentials.  True, they have access to your data in the mean time, if the phone isn't locked, but that isn't what most thieves are after.  And if the phone is locked, once this bug is fixed, they won't even have that.  They'll just have a useless iPhone they can't take out of airport mode for risk of it wiping and locking itself.  lol

Sell the parts, or send it back to China where it was made and ask the maker to reset it for a small fee.

post #40 of 52

I just downloaded ios7 on my iphone4. What a piece of crap.  The text is very thin making it difficult to read for an older person.  Everything is more faint than ios6.  Now my phone is locked after 1 minute which is a damn nuisance!  Never had that problem before. Closing apps is less user friendly and more complex. I have passbook on one screen on its own.  So now my 3 screens is now 4 screens.  More swiping!  If it ain't broke why fix it!

 

Time to go smart Phone!
