Just a day after iOS 7 went public, an important security bug has been discovered that lets anyone who has your iPhone in his/her hands bypass the Lock screen — with passcode lock on — and have access to photos, email, Twitter, and more, Forbes‘ Andy Greenberg reports.
The bug was discovered by Jose Rodriguez, who has discovered an iOS 6 lock screen bug earlier this year. As you can see from the video below, the passcode involves the brand new Control Center. We’ve tested it on an iPhone 4 and it works, but we cannot confirm access to other apps than Camera.
So here is how the trick works: first you need to make sure the passcode lock is on. Now launch Control Center from your lock screen and choose to launch the clock app. After the app launches, hold down the power button until the “slide to power off” message appears. Hit Cancel and hit the Home button twice (just like you do when you are multitasking) milliseconds after hitting Cancel. There you go: you entered the phone’s multitasking screen.
From there on, the intruder theoretically will have access to all apps you opened earlier, the report highlights and as you can see in the video. But, again, we cannot confirm that they indeed have access to it.
While we are waiting for Apple to address this bug, there is a simple workaround that will keep this from happening: revoke Control Center access from the lock screen. To do that, you can simply hit Setting>Control Center and toggle the “Access on Lock Screen” off. That’s it, your content is now safe.
Update: Apple has told AllThingsD they are aware of this flaw and will fix it in a future iOS update.
“Apple takes user security very seriously,” Apple spokeswoman Trudy Muller toldAllThingsD. “We are aware of this issue, and will deliver a fix in a future software update.”