New in OS X: Get MacRumors Push Notifications on your Mac

Resubscribe Now Close

iOS 7 Lock Screen Vulnerability Gives Access to Photos, Email

There appears to be a lock screen vulnerability in iOS 7 that allows access to a device’s photos, email, and social networking accounts. According to Jose Rodriguez, who provided a video of the bug to Forbes, a simple set of gestures gives unwarranted access to a device running iOS 7.

The exploit can be initiated by swiping upwards on the device's lock screen to access the Control Center and open the Clock app. Once the clock app is open, holding the phone's sleep button will cause the "Slide to Power Off" option to appear. Tapping on cancel at this juncture and then double clicking on the home button will open the phone's multitasking screen, providing access to the camera and the photos on the device. The key to the trick, however, is to access the camera app from the lock screen first, causing it to appear in the recently used apps list.

Because the photos from the camera app can be shared via Flickr, Twitter, Facebook, and email, an intruder can also gain access to those apps using the sharing tools.

I tested the technique on an iPhone 5 running iOS 7, and it worked. Rodriguez’s video shows it working on an iPad, too. It’s not yet clear if the same exploit can bypass the lockscreen of an iPhone 5s or 5c, but Rodriguez tells me he believes it will. I’ve reached out to Apple for comment and I’ll update this post if I hear from the company.
Apple has been plagued by lock screen vulnerabilities multiple times over the course of the year, with a bug appearing in iOS 6.1 that allowed lock screen access to the phone when the emergency call function was manipulated.

The current iOS 7 vulnerability can be avoided by preventing the Control Center from appearing on the lock screen. The setting can be turned on by opening the Settings app, selecting "Access on Lock Screen" and toggling it off.

Update: Apple has told AllThingsD that it is working on a fix.
"Apple takes user security very seriously," Apple spokeswoman Trudy Muller told AllThingsD. "We are aware of this issue, and will deliver a fix in a future software update."

Top Rated Comments

(View all)

14 months ago
I've always wondered how people stumble upon these vulnerabilities, then turn around and are even able to recreate them.
Rating: 31 Votes
14 months ago
Here we go again....

One of the reasons I wait a week or two before upgrading.
Rating: 14 Votes
14 months ago

ive been trying to get this to happen, cant make it work on my 5.


That's because you forgot to put your left index finger in your right ear....:confused:
Rating: 12 Votes
14 months ago
Do people have nothing better to do than to try and find ways to break iOS?
Rating: 9 Votes
14 months ago

I've always wondered how people stumble upon these vulnerabilities, then turn around and are even able to recreate them.


Often just by playing around. Sometimes playing around leads to one thing which causes you to realize "Wait, what if I do this too?" and, whoops, you've stumbled on a path that nobody ever expected.

Then you realize you're in the "bad" state (I can see photos and I'm not supposed to be able to!) and the next step is to try to recreate the actions that got you there, until you distill it down to exactly what the problem is.

Then you file a problem report to the software guys and they can fix it...

Locking down software is kind of like locking down a physical room. It's easy to set up the obvious stuff -- put locks on the doors and windows -- but then you have to start thinking about the more far-fetched scenarios. What if you gained access to the boiler room, then snuck up through the ceiling tile? What if someone manages to find the spare key to the lock that you left in the bedroom? Thorough testing, and/or reports from accidental discoveries like this, are what's needed to plug up all the holes.

Do people have nothing better to do than to try and find ways to break iOS?


No software is perfect. Don't you want them to find the flaws so they can be fixed quickly?
Rating: 9 Votes
14 months ago
Easy fix - just turn off access to the control center from the lock screen.

I too am amazed at how people figure this stuff out....ok, stand on one leg, wear an eye patch and bark like a dog. If you do those things then the software will hiccup.

:confused:
Rating: 8 Votes
14 months ago

Mine still says up to date..... Is that a 5?


7.0.1 is 5S and 5C only. That picture is clearly a 5S. Look at the home button.
Rating: 8 Votes
14 months ago
Pick one that the Applelogists will go for:

- Why are people keeping their Photos in the multitasking bar? :confused:
- I've never had that problem!!! This guy is just looking to create trouble for Apple.
- Go get an Android if you don't like the way the lock screen behaves.

In reality though, I'm sure this'll be fixed in 7.0.1 or 7.0.2.
Rating: 7 Votes
14 months ago
One moment you're getting praised for security, the next you're getting ripped for exploits :rolleyes:
Rating: 7 Votes
14 months ago
The first thing I turned off when I installed iOS 7.

The control center is a bit too much power for someone to have over my phone if they don't know my passcode.
Rating: 7 Votes

[ Read All Comments ]