iOS 7 security update patches lockscreen flaw

Tricky maneuver exposed email, popular online accounts

Apple yesterday released an iOS 7 software update that fixes a security flaw that let users bypass the iPhone lockscreen to access a range of onboard information and online accounts.

IOS 7.0.2 seems to be mainly a security patch, but the update screen also says there is a new Greek alphabet keyboard option for entering a passcode.

A day after iOS 7 was released earlier this month, Forbes’ Andy Greenberg reported that a U.S. soldier had somehow uncovered a rather complex series of actions that let him bypass the lockscreen, at least on existing iPhones that updated to the new firmware.

[MORE iOS7: iOS 7 tips and tricks you need to learn]

[NEWS: Quick look: The interesting rise and quick fall of Blackberry]

The actions involved swiping upwards on the lockscreen to bring up the iOS Control Center, then opening the alarm clock app, then holding down the power button to show the “power off” and “cancel” options, then tapping “cancel,” and finally quickly double-clicking the home button to bring up the multitasking screen for various apps.

According to Greenberg’s account, the user could then access the phone’s camera and stored photographs and, more importantly, the ability to share the photos via various associated accounts, and therefore access them: including email, Twitter, Facebook and Flickr.

John Cox covers wireless networking and mobile computing for Network World.http://twitter.com/johnwcoxnwwjohn_cox@nww.com

Twitter:

Email:

Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies