Yet another Lock screen vulnerability, this time on iOS 7.0.2

Sep 27, 2013

Once again, another Lock screen vulnerability has reared its ugly head, this one right on the heels of Apple’s 7.0.2 update to fix another vulnerability.

Dany Lisiansky has posted the steps in a YouTube video he recently uploaded, and we’ve verified that the steps, albeit a bit involved, do work.

If there’s one bright spot about this latest vulnerability, it is that it doesn’t expose anything outside of the Phone app to would-be snoopers, and you can nix the bug by disabling Siri access from the Lock screen. Still, Apple’s security team can’t be happy about this.

You can test the bug out for yourself, as Lisiansky has outlined the steps in the video’s description:

Step 1: Make a phone call (with Siri / Voice Control)

Step 2: Click the FaceTime button

Step 3: When the FaceTime App appears, click the Sleep button

Step 4: Unlock the iPhone

Step 5: Answer and End the FaceTime call at the other end

Step 6: Wait a few seconds

Step 7: Done. You are now in the phone app

This might not seem like that big of a deal, but it’s a big flaw in my opinion. While it’s true that you can only use Siri to dial contacts, this bug allows anyone to see your entire list of contacts, your call history, even your voicemail.

It’s just another case of allowing users to do too much from the Lock screen. Of course, you can go into the Settings > General > Passcode & Fingerprint settings, and disable Siri access from the Lock screen until Apple fixes this issue.

What are your thoughts about Apple’s ongoing Lock screen security issues?

  • Ricardo Lopez

    That didn’t take long

    • Jo

      that’s what yo mama said

  • whodakat

    Who in the world figures these things out? Maybe if I use Siri to make a call, then I tiptoe around the room, followed by a rain dance and voilà, I can see your voice mail. LOL Some people have a lot of time on their hands.

    • TesticularFortitude

      You don’t seem frightened… Lol

    • Jonah

      You sir just made my day. LOL

    • Singed

      Heheh, nice one.

    • Nate McKelvie

      That’s what I always wonder too, I mean how many combinations of random things must one do before they stumble onto something like this

    • Ken Kitsune

      You just have to know the workarounds of something.
      It’s like going from your home to office. You look for the fastest way, but when that way is blocked/traffic, you find another way. In computers too you find a way to go around navigating,… :)

  • Jonathan

    Apple, do your stuff.

  • jocastro

    omg come on apple, step it up

  • seyss

    Why are you so surprised? Every iOS has a lockscreen bypass to be used by law enforcement.

    • Armando Ferrero Rocher

      It’s a new feature that they’re adding in every iOS update.

      • ✪ aidan harris ✪

        It’s not a feature, it’s a bug, and will likely be fixed within a few weeks just like the other lockscreen vulnerability. We as users of Apple devices should be thankful for the fact that Apple cares about its users’ security and provides fixes quickly to the majority of its devices. Some competitors’ devices (mostly Android) never receive more than one or two updates even if a serious security flaw is discovered and instead have to rely on third-party solutions and anti-virus to prevent such vulnerabilities from being exploited.

      • iwanttohack

        I have a jailbroken iPod touch 4 running iOS 4.2.1… and the problem is that it doesn’t show on a computer and in iTunes… What’s the problem? Please help… I will be very thankful to you.

      • ✪ aidan harris ✪

        Try putting your device in DFU (device firmware update) mode. To do this, turn your device off and then turn it on but keep your finger on the power button. When you see the Apple logo, immediately press and hold the home button until the screen goes blank. As soon as the screen goes blank, release the power button but continue to hold the home button for roughly ten seconds. When the screen stays blank you know that you are in DFU mode. Plug your device into iTunes and it should be recognised. Proceed with the restore and hopefully all will go well. If you get an error, common faults are that your device has run out of battery during the restore (this happens a lot) or your hosts file is blocking Apple’s servers.

      • Singed

        You must be amazingly fun at parties.
        A guy made a joke and you blew it with a wall of text.
        D’aw

      • ✪ aidan harris ✪

        Whether or not it’s a joke, I couldn’t care less; I’m just trying to make a point.

      • iwanttohack

        It’s not a joke, dude… but you are trying to make it one. I just wanted help so I asked Aidan for it… and it helped me a lot…

      • Singed

        Erm, I meant his thorough explanation of how the security vulnerabilities are not an addition to every iOS update. As you can see, Armando made a joke and Mr. Aidan wrote a response. Then, you asked Mr. Aidan for help and he wrote you a response. I replied to his FIRST comment, the one where he killed the joke.
        I didn’t mean the post that helped you, sorry if you got confused, but the chat system in Disqus works a bit differently than you might think.
        Cheers.

    • OfcrFriendly

      This is a bug, not a bypass. Law enforcement have software & tools available to bypass lockscreens, they do not use this method.

      • Guest

        no

      • OfcrFriendly

        Yes

  • Think different

    Beginning to be disillusioned at Apple. This is just one of many bugs … Parallax is frozen after the light sensor off, google translate the classical view is ruined, and many others …

  • Ernie Marin

    I’m beginning to think this is either Samsung employees or Apple’s former employees that devote their time to finding out what’s wrong with every iOS release.

  • Sex in the city

    It’s good people do it. Apple gets these bugs for free to patch things up :)

  • Sigurd Boe

    Of course they are happy that people find the bugs, so they can fix them :)

  • doorsunopened

    The amount of vitriol that people are spewing is amazing. People saying they will never buy an apple product because of a design refresh? Being disillusioned because of a mildly ridiculous 17 step hack to look at contacts? People need to relax.

    • Singed

      Still, this isn’t the first, nor the second exploit of this type in iOS 7.
      We need to draw some conclusions.

  • Tony Trenkle Jr.

    This was already said, but people have WAYYYYY too much time on their hands…

  • Osama Al-Shaheen

    7.0.3 on the way

    • Jo

      or 7.1

      • kamranm1200

        Probably will be fixed with 7.1, which will probably be released in a few weeks at Apple’s October event.

    • chris125

      and that will have another lock screen vulnerability to be fixed in 7.0.4, only to find another one. Seems like that is the cycle ever since 6.1 with these lock screen bugs

  • TesticularFortitude

    God forbid that someone steals my phone, knows that this exploit exists, and sees my call log. lol

  • imra qyasif

    Guess this guy had nothing else to do.

  • Siddharth Desai

    How do you even find these bugs? I mean who thought about doing all those steps?

    • JAE_Tech

      I wonder that too

  • Nadejda Kokoshkova-Mansour

    He he: this will not work on Middle East devices. Here there is no FaceTime.

    • http://www.twitter.com/Namra297 Namra

      Haha cheers :)

    • Kyaw Swar Aung

      True Story

  • vadovado

    . . . . . . . . . . . . . . . . . . . ________
    . . . . . .. . . . . . . . . . . ,.-‘”. . . . . . . . . .“~.,
    . . . . . . . .. . . . . .,.-”. . . . . . . . . . . . . . . . . .“-.,
    . . . . .. . . . . . ..,/. . . . . . . . . . . . . . . . . . . . . . . ”:,
    . . . . . . . .. .,?. . . . . . . . . . . . . . . . . . . . . . . . . . .,
    . . . . . . . . . /. . . . . . . . . . . . . . . . . . . . . . . . . . . . ,}
    . . . . . . . . ./. . . . . . . . . . . . . . . . . . . . . . . . . . ,:`^`.}
    . . . . . . . ./. . . . . . . . . . . . . . . . . . . . . . . . . ,:”. . . ./
    . . . . . . .?. . . __. . . . . . . . . . . . . . . . . . . . :`. . . ./
    . . . . . . . /__.(. . .“~-,_. . . . . . . . . . . . . . ,:`. . . .. ./
    . . . . . . /(_. . ”~,_. . . ..“~,_. . . . . . . . . .,:`. . . . _/
    . . . .. .{.._$;_. . .”=,_. . . .“-,_. . . ,.-~-,}, .~”; /. .. .}
    . . .. . .((. . .*~_. . . .”=-._. . .“;,,./`. . /” . . . ./. .. ../
    . . . .. . .`~,. . ..“~.,. . . . . . . . . ..`. . .}. . . . . . ../
    . . . . . .(. ..`=-,,. . . .`. . . . . . . . . . . ..(. . . ;_,,-”
    . . . . . ../.`~,. . ..`-.. . . . . . . . . . . . . . … . /
    . . . . . . `~.*-,. . . . . . . . . . . . . . . . . ..|,./…..,__
    ,,_. . . . . }.>-._. . . . . . . . . . . . . . . . . .|. . . . . . ..`=~-,
    . .. `=~-,__. . . `,. . . . . . . . . . . . . . . . .
    . . . . . . . . . .`=~-,,.,. . . . . . . . . . . . . . . .
    . . . . . . . . . . . . . . . . `:,, . . . . . . . . . . . . . `. . . . . . ..__
    . . . . . . . . . . . . . . . . . . .`=-,. . . . . . . . . .,%`>–==“
    . . . . . . . . . . . . . . . . . . . . _. . . . . ._,-%. . . ..`

    • Dan

      =D

  • Amad

    Just hope other improvements come with this fix.

  • abdullah575

    My country doesn’t support FaceTime!!

  • Marlber Cruz

    lol!

  • Joseph Thebigragu Plaza

    This shit has been going on since iOS 6; fix your shit, Apple.

    • http://www.twitter.com/Namra297 Namra

      That was rude..

      • Joseph Thebigragu Plaza

        What’s rude is that I paid over $600 for a device that can’t keep my personal information safe.

      • mav3rick

        They should give up. Lock screen can be bypassed after many “fixes”, TouchID can be tricked, too. But don’t worry, because it’s them, all the hacks are called just “ridiculous”.

  • omrishtam

    wow….really?

  • Jose Rivera

    I have a question though, who the hell has time to go through and find out a pass code vulnerability? Really…

    • WolfgangHoltz

      People that don’t have the right code probably.

  • WolfgangHoltz

    Let’s see how many subversions we can get from this iOS 7 joke.
    The user interface tells that Apple must have used child labor for this.
    Fingerprint sensor to step up security, Wow. Just put it where the sun don’t shine.
    Anyone who knows the story of the emperor’s new clothes is bound to say that the emperor is quite naked!

  • Apple_King98

    Gesture Up, Up, Down, Down, Left, Right, Left, Sleep button, Home. iPhone unlocked

  • Liam Mulcahy

    wow

  • http://www.avault.com Saulo Benigno

    7.0.3 we are waiting for you :)

  • Syllex

    well, seems someone has a lot of time

  • ehX

    Good thing I don’t use Siri. It’s disabled on my iPhone so nothing to worry about.

  • Sumeet Gandhi

    hahaha

  • Meetpal

    Another way to use Siri on Lockscreen and still not be vulnerable to this.

    If you turn off “voice dial” access on Lockscreen, then Siri would ask for passcode before making a call.

    • Devam

      True

  • Frozen Bee .GFKS

    good news for iP4 users….we have no Siri :D

  • http://nxtinsight.com/ Abhinav Singh

    I don’t know how many 7.0.xxxxx it will take to get these issues rectified!!
    But this doesn’t bother me!!! m/

  • chris125

    There has been a lock screen vulnerability on every version of iOS since 6.1. Apple supposedly issues a “fix” yet the fix has another vulnerability. Lock screen security seems to be a weak area for Apple.

  • Palmer Paul

    Nice job Dany!!! Go Israel!!!

  • Edward Hofer

    It’s not a big deal. Can anybody tell me how I can get Siri on my iPhone 4 with this update. iOS 7.0.2.

  • Anonymous

    Why don’t people try and hack Android?

  • kamranm1200

    Another one, but this time using FaceTime:

    Step 1: Call one of your FaceTime contacts using Siri.
    Step 2: End the call.
    Step 3: Boom, you are at the home screen.

    Now I’m not sure if this works with a passcode set, so try it with a passcode set, and see if it works.

  • Guilherme Correa Teixeira

    There is another bug… when I change a song in the MUSIC app, with the lyric on the screen, it doesn’t change the lyric of the next song… anyone with the same error?

  • Ezhil

    iOS 7 and 7.0.2 can’t open Wi-Fi?

  • Dom

    Help me as I don’t have Siri or voice control and please reply to me how to bypass without Siri or voice control.

  • Penska13

    I was waiting for that. The one thing I hate about ios 7 is when you’re in an app and someone calls instead of going back to the app it goes to the phone dialer.

  • Christian Rogers

    Are you kidding me? People seriously waste their lives finding this shit? Get a job

  • Shafarulnizam Muhamad

    Please help me… I forgot my phone’s lock screen password, iPhone 4S, iOS 7. I also don’t know whose Apple ID was used because I bought a 2nd-hand phone… can you help me… pleaseee… tq