Posted on 09/20/2013 8:23:44 AM PDT by for-q-clinton
The passcode lock screen on iOS 7 suffers from a bug that allows anyone with direct access to the iPhone or iPad to bypass the lock screen and open apps.
The bug, discovered by 36-year-old soldier Jose Rodriguez, who lives on the Canary Islands off the coast of Spain, is remarkably simple to exploit, reports Forbes. Swipe up from the lock screen to access the new Control Center, then open the alarm clock app.
Hold the phone's sleep button, but instead of swiping to power down the phone, tap cancel and double-tap the home button to access the multitasking screen. From there, you can jump to the camera and share stored photos, which gives you access to the user's communication accounts such as e-mail, Flickr, Facebook, Twitter, and others.
The exploit has been tested successfully on iOS 7 when running on the iPhone 4S, 5, 5C, and 5S, and the most recent iPad model.
Apple did not immediately respond to CNET's request for comment. However, an Apple spokesperson told Forbes and others that the company "takes security very seriously" and that it's "aware of this issue. We'll deliver a fix in a future software update."
“...As I said, it’s bogus.”
******************************************************
Yes, it is indeed a bogus “security flaw”. But at least it gives another opportunity for Apple haters, like moths drawn to the light, to come and take shots at Apple products.
This exploit revolves around the access to Control Center from the lockscreen. My brand new iPhone 5S came out of the box with the toggle set to allow control center in lock screen. While it is handy to have access there, it should come default set to NOT allow control center in lockscreen. Problem solved.
Oh- ans last night I was notified of an update for my iPhone 5S (iOS 7.0.1). It is primarily for a bug some experienced with using fingerprint scanning to authenticate app store and itunes purchases.
This second bug doesn’t require any user to downgrade security first. It’s on video at the link.
Why is it so hard for you to admit that Apple (like every other software company anywhere) ships with bugs? It’s not like anyone here has accused Apple of being bad (or even worse that its competitors) when it comes to bugs? The only statement anyone made on this thread (that I saw) is that other companies would have faced (unwarranted) media attention for these bugs. You seem very defensive about a very normal occurrence in the tech industry...
That's not quite correct - the default is to require a screen lock passcode, yes. And obviously, if you choose not to use a passcode, then why would you complain about lock screen security?
However, the default setting for Control Center is "Access on Lock Screen" to be enabled. (Notification Center similarly defaults to being available from the lock screen.) In that respect, the default behavior is to use a passcode for the lock screen, but to bypass it for some functions. An exploit that allows access to the full phone or even partial data that uses that would indeed be a security bug that needs addressed.
That said, the more secure option in the first place is to disable Notification Center and Control Center from the lock screen in Settings.
Always wait for the second service pack, regardless of the OS.
Don’t use this one, (snicker) http://www.telegraph.co.uk/technology/apple/10330414/iOS-7-users-destroy-iPhones-after-fake-waterproof-advert.html
Barney Frank is on the user interface?? Eeew!
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.