iOS 7 Lock Screen Vulnerability Gives Access to Photos, Email

There appears to be a lock screen vulnerability in iOS 7 that allows access to a device’s photos, email, and social networking accounts. According to Jose Rodriguez, who provided a video of the bug to Forbes, a simple set of gestures gives unwarranted access to a device running iOS 7.

The exploit can be initiated by swiping upwards on the device's lock screen to access the Control Center and open the Clock app. Once the clock app is open, holding the phone's sleep button will cause the "Slide to Power Off" option to appear. Tapping on cancel at this juncture and then double clicking on the home button will open the phone's multitasking screen, providing access to the camera and the photos on the device. The key to the trick, however, is to access the camera app from the lock screen first, causing it to appear in the recently used apps list.

Because the photos from the camera app can be shared via Flickr, Twitter, Facebook, and email, an intruder can also gain access to those apps using the sharing tools.

I tested the technique on an iPhone 5 running iOS 7, and it worked. Rodriguez’s video shows it working on an iPad, too. It’s not yet clear if the same exploit can bypass the lockscreen of an iPhone 5s or 5c, but Rodriguez tells me he believes it will. I’ve reached out to Apple for comment and I’ll update this post if I hear from the company.

Apple has been plagued by lock screen vulnerabilities multiple times over the course of the year, with a bug appearing in iOS 6.1 that allowed lock screen access to the phone when the emergency call function was manipulated.

The current iOS 7 vulnerability can be avoided by preventing the Control Center from appearing on the lock screen. The setting can be turned on by opening the Settings app, selecting "Access on Lock Screen" and toggling it off.

Update: Apple has told AllThingsD that it is working on a fix.

"Apple takes user security very seriously," Apple spokeswoman Trudy Muller told AllThingsD. "We are aware of this issue, and will deliver a fix in a future software update."

Top Rated Comments

stephen1108 Avatar
124 months ago
I've always wondered how people stumble upon these vulnerabilities, then turn around and are even able to recreate them.
Score: 31 Votes (Like | Disagree)
AppleMark Avatar
124 months ago
Here we go again....

One of the reasons I wait a week or two before upgrading.
Score: 14 Votes (Like | Disagree)
RedRaven571 Avatar
124 months ago
ive been trying to get this to happen, cant make it work on my 5.

That's because you forgot to put your left index finger in your right ear....:confused:
Score: 12 Votes (Like | Disagree)
notjustjay Avatar
124 months ago
I've always wondered how people stumble upon these vulnerabilities, then turn around and are even able to recreate them.

Often just by playing around. Sometimes playing around leads to one thing which causes you to realize "Wait, what if I do this too?" and, whoops, you've stumbled on a path that nobody ever expected.

Then you realize you're in the "bad" state (I can see photos and I'm not supposed to be able to!) and the next step is to try to recreate the actions that got you there, until you distill it down to exactly what the problem is.

Then you file a problem report to the software guys and they can fix it...

Locking down software is kind of like locking down a physical room. It's easy to set up the obvious stuff -- put locks on the doors and windows -- but then you have to start thinking about the more far-fetched scenarios. What if you gained access to the boiler room, then snuck up through the ceiling tile? What if someone manages to find the spare key to the lock that you left in the bedroom? Thorough testing, and/or reports from accidental discoveries like this, are what's needed to plug up all the holes.

Do people have nothing better to do than to try and find ways to break iOS?

No software is perfect. Don't you want them to find the flaws so they can be fixed quickly?
Score: 9 Votes (Like | Disagree)
aircanman Avatar
124 months ago
Do people have nothing better to do than to try and find ways to break iOS?
Score: 9 Votes (Like | Disagree)
DavidLeblond Avatar
124 months ago
Mine still says up to date..... Is that a 5?
7.0.1 is 5S and 5C only. That picture is clearly a 5S. Look at the home button.
Score: 8 Votes (Like | Disagree)

Popular Stories

maxresdefault

Apple Announces WWDC 2023 Event Taking Place June 5 to 9

Wednesday March 29, 2023 9:58 am PDT by
Apple today announced that its 34th annual Worldwide Developers Conference will take place from Monday, June 5 to Friday, June 9. Like WWDC 2020, 2021, and 2022, WWDC 2023 will be an online event for the most part, and it will be open to all developers at no cost. Subscribe to the MacRumors YouTube channel for more videos. Apple will provide online sessions and labs, which will allow...
iPhone 15 Pro Buttons CAD Leak

iPhone 15 Pro Low-Energy Chip to Allow Solid-State Buttons to Work When Device is Off or Out of Battery

Wednesday March 29, 2023 1:54 am PDT by
The iPhone 15 Pro and Pro Max will use a new ultra-low energy microprocessor allowing certain features like the new capacitive solid-state buttons to remain functional even when the handset is powered off or the battery has run out, according to a source that shared details on the MacRumors forums. CAD-based render of new solid-state buttons on iPhone 15 Pro models The source of this rumor is ...
CarPlay Phone Call

General Motors to Phase Out Apple CarPlay Starting This Year in EV Transition

Friday March 31, 2023 8:43 am PDT by
General Motors (GM) will phase out Apple CarPlay and Android Auto in its vehicles starting this year, shifting to a built-in infotainment system co-developed with Google (via Reuters). GM owns Buick, Cadillac, Chevrolet, and GMC in the United States. It will stop offering Apple CarPlay and Android Auto starting with the 2024 Chevrolet Blazer, which goes on sale this summer. The company plans ...
iPhone 15 Pro Multi Purpose button Mute Switch Feature Green 2

iPhone 15 Pro Rumored to Feature Multi-Use Action Button Instead of Mute Switch

Wednesday March 29, 2023 7:28 am PDT by
iPhone 15 Pro and iPhone 15 Pro Max models are rumored to feature a customizable Action button like the Apple Watch Ultra, according to a MacRumors forum member who leaked accurate details about the Dynamic Island on iPhone 14 Pro models last year. The source claimed the Action button will replace the Ring/Silent switch that has been included on every iPhone model since 2007. They did not...
iOS 16

iOS 16.4 Now Available for Your iPhone With These 8 New Features

Friday March 31, 2023 8:55 am PDT by
Following six weeks of beta testing, iOS 16.4 was released to the public this week. The software update includes a handful of new features and changes for the iPhone 8 and newer. To install an iOS update, open the Settings app on the iPhone, tap General → Software Update, and follow the on-screen instructions. Below, we have recapped eight new features and changes added with iOS 16.4,...
iOS 17 on Phone Feature

Three New iOS Features Coming to Your iPhone Following Apple Music Classical

Thursday March 30, 2023 7:13 am PDT by
With the Apple Music Classical app and an Apple Pay Later early access program now available, the list of previously-announced iOS features that have yet to launch is beginning to shrink. However, there are still a few features we are waiting for. Below, we have recapped three more iOS features that are expected to launch in 2023, including an Apple Card savings account for Daily Cash,...
apple mixed reality headset concept by david lewis and marcus kane

Kuo: Apple Mixed-Reality Headset May Not Appear at WWDC as Mass Production Pushed Back Yet Again

Thursday March 30, 2023 4:50 am PDT by
Apple has again pushed back mass production of its mixed-reality headset and the device may not appear at this year's Worldwide Developers Conference (WWDC), Apple analyst Ming-Chi Kuo today said. Apple headset concept by David Lewis and Marcus Kane In a tweet, Kuo explained that Apple "isn't very optimistic" about whether the headset will be able to create an "iPhone moment." As a result,...