Users have discovered what appears to be a lock screen vulnerability in iOS 7 that allows access to a device’s photos, email and social networking accounts. According to Jose Rodriguez, who provided a video of the bug to Forbes, a few gestures give unauthorized access to a device running iOS 7.
The exploit can be initiated by swiping upwards on the device’s lock screen to access the Control Center and open the Clock app. Once the Clock app is open, holding the phone’s sleep button will cause the “Slide to Power Off” option to appear. Tapping Cancel at this point and then double-clicking the home button will open the phone’s multitasking screen and give access to the camera and the photos on the device. The key to the trick, however, is to access the Camera app from the lock screen first, causing it to appear in the recently used apps list.
Since the photos from the Camera app can be shared via Flickr, Twitter, Facebook and email, a user with malicious intent can also gain access to those apps using the sharing tools. The following was mentioned regarding the procedure:
I tested the technique on an iPhone 5 running iOS 7, and it worked. Rodriguez’s video shows it working on an iPad, too. It’s not yet clear if the same exploit can bypass the lockscreen of an iPhone 5s or 5c, but Rodriguez tells me he believes it will. I’ve reached out to Apple for comment and I’ll update this post if I hear from the company.
Those of you who are interested in watching a video of the vulnerability in action can do so below: