Bug in iOS 7 allows calls to be placed from locked iPhone
Another security flaw has been discovered in Apple's iOS 7, this time exploiting a bug in the emergency calling system that allows anyone to bypass an iPhone's passcode lock to make a phone call.
The bug was found by Karam Daoud and reported by Fortune, which noted the emergency call exploit has no easy fix and will likely require a software update to patch.
According to the report, a nefarious user can place a phone call to by entering any number in the emergency call pane and repeatedly pressing the call button. After a number of taps, the button "sticks" and iOS appears to crash, but the call will go through. The bug allows both local and international calls to be placed. AppleInsider was able to replicate the process on an iPhone 5 running iOS 7.
The discovery comes after a separate issue was uncovered on Thursday that exploits a glitch in Command Center to bypass iOS 7's lock screen security protection. That problem is easily rectified, however, by turning off the feature's lock screen access in Settings.
As with any new operating system release, the first version is bound to have a few issues that were not unearthed during beta testing. For example, Apple's Safari app in iOS 6 contained a Smart App Banner bug that reenabled JavaScript without user consent, potentially opening devices to security breaches.
Apple has been informed of the latest exploit and will likely issue a patch with the next software update.
The bug was found by Karam Daoud and reported by Fortune, which noted the emergency call exploit has no easy fix and will likely require a software update to patch.
According to the report, a nefarious user can place a phone call to by entering any number in the emergency call pane and repeatedly pressing the call button. After a number of taps, the button "sticks" and iOS appears to crash, but the call will go through. The bug allows both local and international calls to be placed. AppleInsider was able to replicate the process on an iPhone 5 running iOS 7.
The discovery comes after a separate issue was uncovered on Thursday that exploits a glitch in Command Center to bypass iOS 7's lock screen security protection. That problem is easily rectified, however, by turning off the feature's lock screen access in Settings.
As with any new operating system release, the first version is bound to have a few issues that were not unearthed during beta testing. For example, Apple's Safari app in iOS 6 contained a Smart App Banner bug that reenabled JavaScript without user consent, potentially opening devices to security breaches.
Apple has been informed of the latest exploit and will likely issue a patch with the next software update.
Comments
It's a good catch, and good that Apple will fix it quickly.
If you download a brand new operating system, you have to be willing to deal with little glitches. It's to be expected.
Probably will be fixed within several days.
To bad the new dialer and awful turquoise blue icons in safari and mail are not bugs also
Edit: Added tag, as someone seems to have taken this seriously.
Hi, I'm a professional analyst and tech pundit. Based on this bug, I am downgrading AAPL stock to $80 and SELL. I predict Apple will go bankrupt next week and Samsung will overtake them based solely on the fallout from this egregious big. It means Tim Cook can't code as well as Jobs could. Jobs would've caught this bug in testing and fixed it himself.
Go **** yourself. If you are a man, then stand by your words. What if Apple does not go bankrupt next week ? Are you going to eat 10 pounds of shit in front of everyone and shout " I am a professional BS. My prediction was worse than the shit I just ate !" Sounds fair ?
Everybody I know with an iPhone does not have a passcode set and uses it unlocked because of the inconvenience of entering a PIN to unlock it. I don't use a passcode on my iPad either. The paranoids must be out in force on this tuff.
Go **** yourself. If you are a man, then stand by your words. What if Apple does not go bankrupt next week ? Are you going to eat 10 pounds of shit in front of everyone and shout " I am a professional BS. My prediction was worse than the shit I just ate !" Sounds fair ?
Calm down and Google , "sarcasm."
Go **** yourself. If you are a man, then stand by your words. What if Apple does not go bankrupt next week ? Are you going to eat 10 pounds of shit in front of everyone and shout " I am a professional BS. My prediction was worse than the shit I just ate !" Sounds fair ?
I think he was being sarcastic.
Everybody I know with an iPhone does not have a passcode set and uses it unlocked because of the inconvenience of entering a PIN to unlock it. I don't use a passcode on my iPad either. The paranoids must be out in force on this tuff.
Criminals prey on the gullible. Its not paranoid to use the security that is built into the device.
This has always been in all versions of iOS... the ability to make an emergency call without typing in the passcode. This is a feature, not a bug.
........facepalm
Weird that you’re the first to notice this. Weird that the article was written at all.
Go **** yourself. If you are a man, then stand by your words. What if Apple does not go bankrupt next week ? Are you going to eat 10 pounds of shit in front of everyone and shout " I am a professional BS. My prediction was worse than the shit I just ate !" Sounds fair ?
Holy shit.
Holy crap this place is on a roll tonight!
Quote:
Go **** yourself. If you are a man, then stand by your words. What if Apple does not go bankrupt next week ? Are you going to eat 10 pounds of shit in front of everyone and shout " I am a professional BS. My prediction was worse than the shit I just ate !" Sounds fair ?
Quote:
This has always been in all versions of iOS... the ability to make an emergency call without typing in the passcode. This is a feature, not a bug.
Weird that you’re the first to notice this. Weird that the article was written at all.
This has always been in all versions of iOS... the ability to make an emergency call without typing in the passcode. This is a feature, not a bug.
The link in the article appears to be broken but this is an excerpt from the original post at Forbes:
The trick includes international calls and calls to premium numbers, is simple enough that any phone thief could easily take advantage of it, and unlike the first bug revealed in the iOS 7 lockscreen Thursday, there doesn’t seem to be any immediate fix for users.
Anyone who gets physical access to a locked iPhone running iOS 7 can simply tap “Emergency” on the lock screen, which brings up an emergency calling screen. Then he or she can dial any number and rapidly tap the call button until the phone reverts to an empty screen with an Apple logo at the center and make the call to that number. says Daoud. “Once the black screen appeared, it was pretty clear that this is a bug,” says Daoud. “You can dial a number anywhere, any time.
Everybody I know with an iPhone does not have a passcode set and uses it unlocked because of the inconvenience of entering a PIN to unlock it. I don't use a passcode on my iPad either. The paranoids must be out in force on this tuff.
I was like that until I started running a business and realized that if my iPhone were stolen, I would potentially be out thousands in damages. Pass code protection is a must in the business world or anywhere else that you have sensitive data.
If your phone only represents you and your personal data, then only you can be damaged. If your phone represents you and a larger Entity, then both can be damaged.