Bug in iOS 7 allows calls to be placed from locked iPhone

Posted:
in iPhone edited January 2014
Another security flaw has been discovered in Apple's iOS 7, this time exploiting a bug in the emergency calling system that allows anyone to bypass an iPhone's passcode lock to make a phone call.

Exploit


The bug was found by Karam Daoud and reported by Fortune, which noted the emergency call exploit has no easy fix and will likely require a software update to patch.

According to the report, a nefarious user can place a phone call to by entering any number in the emergency call pane and repeatedly pressing the call button. After a number of taps, the button "sticks" and iOS appears to crash, but the call will go through. The bug allows both local and international calls to be placed. AppleInsider was able to replicate the process on an iPhone 5 running iOS 7.



The discovery comes after a separate issue was uncovered on Thursday that exploits a glitch in Command Center to bypass iOS 7's lock screen security protection. That problem is easily rectified, however, by turning off the feature's lock screen access in Settings.

As with any new operating system release, the first version is bound to have a few issues that were not unearthed during beta testing. For example, Apple's Safari app in iOS 6 contained a Smart App Banner bug that reenabled JavaScript without user consent, potentially opening devices to security breaches.

Apple has been informed of the latest exploit and will likely issue a patch with the next software update.
«134567

Comments

  • Reply 1 of 130
    512ke512ke Posts: 782member

    It's a good catch, and good that Apple will fix it quickly.

     

    If you download a brand new operating system, you have to be willing to deal with little glitches.  It's to be expected.

  • Reply 2 of 130
    Apples doomed!
  • Reply 3 of 130

    Probably will be fixed within several days.

  • Reply 4 of 130

    To bad the new dialer and awful turquoise blue icons in safari and mail are not bugs also

  • Reply 5 of 130
    Hi, I'm a professional analyst and tech pundit. Based on this bug, I am downgrading AAPL stock to $80 and SELL. I predict Apple will go bankrupt next week and Samsung will overtake them based solely on the fallout from this egregious bug. It means Tim Cook can't code as well as Jobs could. Jobs would've caught this bug in testing and fixed it himself.

    Edit: Added tag, as someone seems to have taken this seriously.
  • Reply 6 of 130
    nagrommenagromme Posts: 2,834member
    I hereby choose to forget that other phones have had their share of lock-screen exploits too, and pretend this only happens with Apple :) More fun that way!
  • Reply 7 of 130
    Quote:

    Originally Posted by macinthe408 View Post



    Hi, I'm a professional analyst and tech pundit. Based on this bug, I am downgrading AAPL stock to $80 and SELL. I predict Apple will go bankrupt next week and Samsung will overtake them based solely on the fallout from this egregious big. It means Tim Cook can't code as well as Jobs could. Jobs would've caught this bug in testing and fixed it himself.

     

    Go **** yourself.   If you are a man, then stand by your words.  What if Apple does not go bankrupt next week ? Are you going to eat 10 pounds of shit in front of everyone and shout " I am a professional BS.  My prediction was worse than the shit I just ate !"    Sounds fair ?

  • Reply 8 of 130
    lkrupplkrupp Posts: 10,557member

    Everybody I know with an iPhone does not have a passcode set and uses it unlocked because of the inconvenience of entering a PIN to unlock it. I don't use a passcode on my iPad either. The paranoids must be out in force on this tuff.

  • Reply 9 of 130
    Quote:

    Originally Posted by RamSay View Post

     

     

    Go **** yourself.   If you are a man, then stand by your words.  What if Apple does not go bankrupt next week ? Are you going to eat 10 pounds of shit in front of everyone and shout " I am a professional BS.  My prediction was worse than the shit I just ate !"    Sounds fair ?


     

    Calm down and Google , "sarcasm."

  • Reply 10 of 130
    lkrupplkrupp Posts: 10,557member
    Quote:

    Originally Posted by RamSay View Post

     

     

    Go **** yourself.   If you are a man, then stand by your words.  What if Apple does not go bankrupt next week ? Are you going to eat 10 pounds of shit in front of everyone and shout " I am a professional BS.  My prediction was worse than the shit I just ate !"    Sounds fair ?


     

    I think he was being sarcastic.

  • Reply 11 of 130
    Quote:

    Originally Posted by lkrupp View Post

     

    Everybody I know with an iPhone does not have a passcode set and uses it unlocked because of the inconvenience of entering a PIN to unlock it. I don't use a passcode on my iPad either. The paranoids must be out in force on this tuff.


     

    Criminals prey on the gullible. Its not paranoid to use the security that is built into the device.

  • Reply 12 of 130
    This has always been in all versions of iOS... the ability to make an emergency call without typing in the passcode. This is a feature, not a bug.
  • Reply 13 of 130
    Quote:
    Originally Posted by scotty321 View Post



    This has always been in all versions of iOS... the ability to make an emergency call without typing in the passcode. This is a feature, not a bug.

     

    ........facepalm

  • Reply 14 of 130
    Originally Posted by scotty321 View Post
    This has always been in all versions of iOS... the ability to make an emergency call without typing in the passcode. This is a feature, not a bug.

     

    Weird that you’re the first to notice this. Weird that the article was written at all.

  • Reply 15 of 130
    slurpyslurpy Posts: 5,382member
    Quote:
    Originally Posted by RamSay View Post

     

     

    Go **** yourself.   If you are a man, then stand by your words.  What if Apple does not go bankrupt next week ? Are you going to eat 10 pounds of shit in front of everyone and shout " I am a professional BS.  My prediction was worse than the shit I just ate !"    Sounds fair ?


     

    Holy shit. 

  • Reply 16 of 130
    droidftwdroidftw Posts: 1,009member

    Holy crap this place is on a roll tonight!

     

    Quote:

    Originally Posted by RamSay View Post

     

     

    Go **** yourself.   If you are a man, then stand by your words.  What if Apple does not go bankrupt next week ? Are you going to eat 10 pounds of shit in front of everyone and shout " I am a professional BS.  My prediction was worse than the shit I just ate !"    Sounds fair ?


     

    <img class=" src="http://forums-files.appleinsider.com/images/smilies//lol.gif" />

     

    Quote:


    Originally Posted by scotty321 View Post



    This has always been in all versions of iOS... the ability to make an emergency call without typing in the passcode. This is a feature, not a bug.

     

    Quote:
    Originally Posted by Tallest Skil View Post

     

     

    Weird that you’re the first to notice this. Weird that the article was written at all.


     

    <img class=" src="http://forums-files.appleinsider.com/images/smilies//lol.gif" />  <img class=" src="http://forums-files.appleinsider.com/images/smilies//lol.gif" /> 

  • Reply 17 of 130
    mstonemstone Posts: 11,510member
    Quote:

    Originally Posted by scotty321 View Post



    This has always been in all versions of iOS... the ability to make an emergency call without typing in the passcode. This is a feature, not a bug.

     

    The link in the article appears to be broken but this is an excerpt from the original post at Forbes:

     


    Quote: Forbes


     

    The trick includes international calls and calls to premium numbers, is simple enough that any phone thief could easily take advantage of it, and unlike the first bug revealed in the iOS 7 lockscreen Thursday, there doesn’t seem to be any immediate fix for users.

     

    Anyone who gets physical access to a locked iPhone running iOS 7 can simply tap “Emergency” on the lock screen, which brings up an emergency calling screen. Then he or she can dial any number and rapidly tap the call button until the phone reverts to an empty screen with an Apple logo at the center and make the call to that number. says Daoud. “Once the black screen appeared, it was pretty clear that this is a bug,” says Daoud. “You can dial a number anywhere, any time.



  • Reply 18 of 130
    I tried it but couldn't get it to do it
  • Reply 19 of 130
    This isn't news! This isn't worth reading! Who cares! Scenario: Somebody steals my iPhone and they want to place a phone call before iOS 7.0.1 comes out -- go for it dude. This is the stuff and fodder of the retarded tech press media echo chamber and should not be on a site like AppleInsider. Not worth the pixels that were wasted in this comment!
  • Reply 20 of 130
    Quote:

    Originally Posted by lkrupp View Post

     

    Everybody I know with an iPhone does not have a passcode set and uses it unlocked because of the inconvenience of entering a PIN to unlock it. I don't use a passcode on my iPad either. The paranoids must be out in force on this tuff.


    I was like that until I started running a business and realized that if my iPhone were stolen, I would potentially be out thousands in damages.  Pass code protection is a must in the business world or anywhere else that you have sensitive data. 

     

    If your phone only represents you and your personal data, then only you can be damaged.  If your phone represents you and a larger Entity, then both can be damaged. 

Sign In or Register to comment.