iOS 7 Bug Lets Users Bypass Passcode Protection

A potentially nasty security vulnerability has been uncovered in iOS 7, which could allow an unauthenticated user to play with emails, social networks and photos on an Apple device running the recently released operating system.

All the hack requires is for a user to pick up an iPhone or iPad running iOS 7, swipe up to access the control centre and open the alarm clock. Then hold down the power button, but do not power off. Instead tap cancel and double click the home button to access the multitasking screen. From there, it is possible to access photos.

It appears the latter stage of the hack needs to be carried out fairly quickly.

Hacking iOS 7 devices

The video below from Jose Rodriguez, who uncovered the flaw, shows how to bypass the iOS passcode protection:

According to Forbes, Apple is working on a fix. The most recent iOS 7 update already covered a slew of vulnerabilities, with 41 updates.

iOS 7 has faced much scrutiny from the security community. A crowdfunded bounty was offered earlier this week to the first person who can show how they hacked the Touch ID login system, using just a fingerprint taken from another surface, like a beer glass. Thousands of dollars are already on offer.

Meanwhile, researchers plan to reveal work that would show weaknesses in iMessage. Apple had previously claimed it was using end-to-end encryption on iMessage, so only the sender and receiver would be able to read messages. It said the company could not decrypt the data.

The weakness resides in the protocol itself, according to researchers from Quarkslab, who are due to present their full findings at the Hack In The Box conference in Asia next month.

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.
