iOS 7 Lock Screen Vulnerability Gives Access to Photos, EmailThere appears to be a lock screen vulnerability in iOS 7 that allows access to a device’s photos, email, and social networking accounts. According to Jose Rodriguez, who provided a video of the bug to Forbes, a simple set of gestures gives unwarranted access to a device running iOS 7. The exploit can be initiated by swiping upwards on the device's lock screen to access the Control Center and open the Clock app. Once the clock app is open, holding the phone's sleep button will cause the "Slide to Power Off" option to appear. Tapping on cancel at this juncture and then double clicking on the home button will open the phone's multitasking screen, providing access to the camera and the photos on the device. The key to the trick, however, is to access the camera app from the lock screen first, causing it to appear in the recently used apps list. Because the photos from the camera app can be shared via Flickr, Twitter, Facebook, and email, an intruder can also gain access to those apps using the sharing tools. I tested the technique on an iPhone 5 running iOS 7, and it worked. Rodriguez’s video shows it working on an iPad, too. It’s not yet clear if the same exploit can bypass the lockscreen of an iPhone 5s or 5c, but Rodriguez tells me he believes it will. I’ve reached out to Apple for comment and I’ll update this post if I hear from the company.Apple has been plagued by lock screen vulnerabilities multiple times over the course of the year, with a bug appearing in iOS 6.1 that allowed lock screen access to the phone when the emergency call function was manipulated. The current iOS 7 vulnerability can be avoided by preventing the Control Center from appearing on the lock screen. The setting can be turned on by opening the Settings app, selecting "Access on Lock Screen" and toggling it off. Update: Apple has told AllThingsD that it is working on a fix. "Apple takes user security very seriously," Apple spokeswoman Trudy Muller told AllThingsD. "We are aware of this issue, and will deliver a fix in a future software update." Recent Mac and iOS Blog Stories • Google Releases New Universal 'Quickoffice' iOS App for Free • Google Drops NFC Requirement for Google Wallet, iOS App Now Available • Disney Launches Sandbox Creation Game 'Disney Infinity: Toy Box" for iPad • Refurbished Mid-2013 11-Inch MacBook Airs Now Available in Apple Online Store • iOS 7 Allows Siri to Disable Find My iPhone via Airplane Mode in Security/Convenience Trade-Off • Apple Releases Chrome and Firefox Extensions for Windows to Support iCloud Bookmark Syncing • Sapphire Home Buttons Coming to New iPads? • Rovio's 'Angry Birds Star Wars II' Hits the App Store
http://www.macrumors.com/2013/09/19/ios-7-lock-screen-vulnerability-gives-access-to-photos-email/
