Apple Working On Fix For iOS 7 Lockscreen Bypass Flaw

Apple says it will fix an embarrassing security flaw in its new iOS 7 software, which hackers showed can be used to bypass the lockscreen and access personal data.

The flaw, discovered within hours of iOS 7 becoming publicly available, can be exploited on the iPhone 4S and 5 and gives access to personal data including email, photos, Twitter, Facebook and Flickr. It is exploited via the Control Center function, which is found by swiping up from the bottom of the screen. That offers access to the phone user's alarms, a calculator, and the camera, as well as frequently-used settings such as Wi-Fi, Bluetooth and Airplane mode.

The flaw appears not to affect the iPhone 5S and 5C.

From the alarms screen, a hacker can use a combination of button presses to access the multitasking manager, bypassing the lockscreen. That offers access to some user data including photos, email, Twitter, Facebook and Flickr accounts. An intruder can email or delete photos, send tweets, read and make Facebook posts and messages, and send text messages, though not read email.

"Apple takes user security very seriously," an Apple spokesman said. "We are aware of this issue, and will deliver a fix in a future software update."

Typically, Apple has taken at least two weeks to fix such flaws when they have been found.

"This is yet another embarrassing example of Apple's lax approach to iOS security," says Graham Cluley, an independent security expert. "I can remember at least two or three other recent occasions where Apple has been shown to be sloppy when it comes to security in past revisions of its mobile operating system."

Security flaws that had to be fixed by a security update have previously been found in Apple's iOS mobile operating system, on the iPhone 4 in 2010 and on the iPad in 2011.

The vulnerability relies on the hacker having physical access to the phone and cannot be executed remotely.

"It's only a potential problem if your phone gets stolen," said Cluley. "It's a bit of palaver to execute, and if a hacker has access to your phone not even a secure four-digit PIN lock will prevent them getting into the phone by hooking it up to a computer, as it only takes 10,000 combinations before they can access the phone."

He added: "I don't think it's disastrous, but it's certainly embarrassing yet again."

Until Apple releases a fix for the security issue, iPhone owners can protect themselves by disabling access to 'Control Center' via the lockscreen in the Settings app.

Credit: theguardian.com
