iOS 7 security flaw allows for Lock screen bypass in seconds


A new security flaw has been discovered that allows for the Lock screen on iOS 7.1.1 to be bypassed in just seconds. The vulnerability provides access to any app that was left open before the device was locked, such as Mail or Messages, but a prompt appears to re-enter your Lock screen passcode if you attempt to navigate to the Home screen or elsewhere. Read ahead for how it works… 

The exploit affects the iPhone 4S or later on iOS 7.0 – iOS 7.1.1. I can confirm that the vulnerability exists on my iPhone 5 running iOS 7.0.4, while several other users report that it extends to the iPad. The only requirements to bypass the Lock screen are access to Control Center and a missed phone call in Notification Center. To duplicate the bypass on your device, simply follow these steps:

Step One: Swipe up from the bottom to open Control Center.

Step Two: Tap on the Airplane Mode toggle switch.

Step Three: Swipe down from the top to open Notification Center.

Step Four: Tap on a missed call notification.

While this exploit does not provide full access to an iPhone or iPad, it could allow someone to read your emails, send messages, fiddle with your settings or take other harmful actions, depending on the app that you last left open. A number of users who commented on the video noted that it does not work on iOS 8 beta, however, so it appears that Apple has patched the problem.

In the meantime, there are two temporary solutions for protecting yourself against this security flaw. The first option is to open the Settings app, tap Notification Center and disable Lock screen notifications for the Phone app. The second option, also through the Settings app, is to tap on the Control Center menu and toggle off Access on Lock Screen.

A number of similar Lock screen exploits have been exposed over the years, including an iOS 7 vulnerability from last September that allowed access to almost any app running in the background. Another exploit on iOS 7.0.2 was uncovered just two weeks later, but it only allowed access to the Phone app. Apple typically patches these bugs in software updates.