Yet another lockscreen bypass has been discovered in Apple's iOS 7. While this one only grants you access to the last app the iPhone's owner was using, it's easy to replicate and is more consistently successful than most iOS lockscreen bypasses.
As detailed by a young man named Daniel who posts videos to YouTube under the name EverythingApplePro, the bypass works by stringing together Control Center, Airplane Mode and a missed-call notification. We were able to replicate it several times on an iPhone 5s running iOS 7.1.1.
Control Center is a feature introduced in iOS 7 that lets the user control music playback, wireless connectivity, the camera and other often-used apps and settings from a single screen. By default, the user can access Control Center from the lockscreen without entering a passcode.
First, two preparatory steps: In Settings —> Control Center, make sure "Access on Lock Screen" is on. Then call the targeted iPhone and hang up before it answers.
Now that you've got the device primed, here's how someone could leverage Control Center to break into an iPhone.
- Press the power button to turn off the screen, or wait a few seconds until the screen goes dark.
- Press the power button to wake up the screen.
- Swipe up from the bottom of the screen to bring up Control Center.
- Turn on Airplane Mode by tapping the airliner icon on the top left of the Control Center interface.
- Swipe down to hide Control Center.
- Swipe down from the top of the screen to display the Notifications screen. (You still haven't unlocked the screen.)
- Tap the missed-call notification.
If you do all that within a couple of seconds, you'll find yourself facing the same app the user had open when the iPhone's screen was powered off — without having to type in the passcode.
If that app is Mail, you'll be able to read, send and delete messages from the user's account. If it's Settings, you can change many of the phone's settings. If it's Facebook or Twitter and the user is logged in — go to town.
You won't be able to access any other apps, as hitting the Home button takes you back to the lockscreen. But this is still a significant security hole.
Lockscreen bypasses for iOS are discovered pretty regularly — the previous one was disclosed just over a month ago — but they're often hit-or-miss, with several failed attempts before you can get through. This one worked every time, as long as the conditions were right and we executed the steps swiftly.
To make sure you don't fall victim to this vulnerability, simply disable Control Center access from the lockscreen.
A request for comment sent to Apple was not immediately returned.