Printed from http://www.electronista.com

New phone bypass discovered in iOS 7.0.2 lockscreen

updated 11:22 am EDT, Mon September 30, 2013

Patch fails to resolve lockscreen vulnerabilities

A newly-documented technique lets people bypass the lockscreen in iOS 7.0.2 and dial any phone number, not just emergency numbers. The method involves waiting for a notification, or forcing one by sending a text message or ejecting the SIM card. Once the notification pops up, a hacker has to swipe right on it while simultaneously swiping up on the Camera icon. While keeping a finger on the Camera icon, a person must then slide to unlock and tap the Emergency Call button. After dialing, hitting the Call button quickly two or three times should crash Springboard, but allow the call to go through once Springboard restarts.

The v7.0.2 update was itself meant to resolve earlier lockscreen vulnerabilities. The person credited with discovering the new bug, Dany Lisiansky, notes that he also recently found a v7.0.2 vulnerability allowing someone to skip the lockscreen via Siri or Voice Control and access photos, emails, and messages. Apple has had a recurring problem with new versions of iOS enabling lockscreen bypasses, which it then has to quickly close.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

  1. sammaffei

    Fresh-Faced Recruit

    Joined: 09-04-04

    Apple has determined that it would be cheaper just to fix Dany Lisiansky.

  1. coffeetime

    Mac Enthusiast

    Joined: 11-15-06

    Do these people have better thing to do like getting out of the house?

  1. markbyrn

    Fresh-Faced Recruit

    Joined: 09-30-13

    A more apt title would be, 'another ridiculously obscure bypass discovered'

  1. apostle

    Junior Member

    Joined: 04-16-08

    Too much time on their hands.

    http://www.foldmoney.com/

  1. gprovida

    Fresh-Faced Recruit

    Joined: 02-14-06

    Sounds like whomever handles QA for Apple security and code development needs to be a whole lot more attentive to design and implementation.

  1. mgpalma

    Fresh-Faced Recruit

    Joined: 09-27-00

    While making the vulnerability known to Apple so they can fix it makes sense, it ticks me off that everyone has to publish the bloody method thereby putting everyone more at risk. So instead of being unknown to most, yo now put the method in the hands of the casual crook. Really nice, media. Thanks for nothing.

  1. bleee

    Mac Enthusiast

    Joined: 03-28-02

    Given enough time, anyone can pick a lock.

  1. qazwart

    Fresh-Faced Recruit

    Joined: 04-10-01

    The 7.0.2 iOS patch was released yesterday, and the security hole was discovered. Why didn't Apple discover this in their QA testing?

    These may be obscure, but once discovered, they quickly spread. There are thousands of people employed by various nefarious organizations banging away in order to discover any security hole that can be exploited.

    Maybe Apple should hire these guys to show their QA team how to test security patches.

  1. nowayoutofmymind

    Fresh-Faced Recruit

    Joined: 06-11-07

    Apple definitely screwed up security many times. They better spend their time doing thorough testing of the security features, instead of redrawing all icons with ugly colors. I cannot understand how such simple steps can bypass a so called security measure. This does not say nice things about the code design group behind those features.

  1. Arne_Saknussemm

    Forum Regular

    Joined: 04-05-11

    yep... Apple is crumbling

  1. reader50

    Administrator

    Joined: 06-01-00

    New policy suggestion for Apple. Anyone who finds a security bug gets hired for at least one year. Tech companies used to make job offers to anyone who was able to hack them.

    It's not like with Windows, where the bug reports are endless. OS X / iOS are well designed to begin with. After a few years of bug reports and new hires, nearly all security bugs will have been found. And the hiring will defuse most of the bad press.

  1. besson3c

    Clinically Insane

    Joined: 03-03-01

    Originally Posted by coffeetimeView Post

    Do these people have better thing to do like getting out of the house?




    I still don't get what's up with these sort of remarks. We should be grateful that these people are finding these flaws.

  1. besson3c

    Clinically Insane

    Joined: 03-03-01

    Originally Posted by Arne_SaknussemmView Post

    yep... Apple is crumbling



    The only thing I understand less than the above is remarks like this and the sentiment behind them, and my lack of understanding has nothing to do with my assessment on Apple's strength as a company.

    Why write this? Maybe explaining this will help me understand better...

  1. mp1963

    Fresh-Faced Recruit

    Joined: 06-29-10

    I would not call this a "flaw" .. you have to be both deranged and a contortionist to come up with this kind of rubbish.. but if it keeps these sort of people off the streets well ...

  1. TheMacMan

    Fresh-Faced Recruit

    Joined: 08-06-06

    There is an easier way. From the lock screen just press and hold the home button until Siri comes on and tell it to dial. Why go through all that non-sense

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Life n Soul 8 Driver Bluetooth headphones

When it comes to music on the go, consumers generally have some options to consider when looking for the best experience. While Blueto ...

Tesoro Tizona G2N Elite gaming keyboard

The market for gaming keyboards is getting crowded, starting off with some fairly simple keyboards and diverging into the land of modu ...

GX Gaming DeathTaker mouse

Gaming is a serious endeavor for many people, driving them to look for the best performance in their system and interface devices. Fro ...

Sponsor

toggle

Most Commented

 
toggle

Popular News