A new iOS 7.1.1 iPhone Lock screen bypass has been discovered. Lock screen bypasses in and of themselves aren't new — trying to protect a phone while also allowing access to convenient features results in an incredible tension — but this one can provide access to an app, which makes it one of the most serious to date. It does require physical access to your iPhone, but if you do lose possession, here's how the bypass works and, more importantly, how you can protect yourself from it.
Note: iMore tested the exploit and its scope before reporting on it. We were able to duplicate it but also get a sense of its ramifications and limitations.
First, in order to get around the passcode lock, this bypass requires that the iPhone be placed into Airplane mode, and that a missed phone call notification be present. When those conditions are met, tapping or swiping the missed call notification will cause a Settings popup to appear on top of whatever app was last active (in the foreground) on the iPhone prior to it being locked. Dismiss the popup and you have access to the app. Just that one app, mind you. Clicking the Home button will take you back to the Lock screen and the passcode, not the Home screen, so the exposure is limited. Depending on which app was last in the foreground, however, your privacy and security can be compromised.
Apple will no doubt patch this exploit as soon as they can. In the meantime, how can you protect against it?
- Disable Control Center from the Lock screen. (I keep this disabled permanently; I never want someone to be able to put my phone in Airplane mode without the Passcode or Touch ID.)
What if, for some reason, you don't want to disable Control Center?
Or, more specifically:
If even that is too much for you:
- Make sure you never leave your iPhone in Airplane mode and always go to the Home screen before locking your iPhone.
If the Home screen (SpringBoard) is the last thing in the foreground, the exploit simply doesn't work.
Usually Lock screen bypasses are limited to system apps whose contents are left unlocked to support certain convenience-based features from the Lock screen. For example, it makes sense that Lock screen bypasses in the past gave an attacker access to Contacts, because you can receive calls while on the Lock screen, and caller information is shown. In this case it's unclear why the contents of the last foregrounded app are unencrypted.
Again, Apple's security team is top notch and they're usually quick to patch exploits, so until they do, make sure you take steps to protect yourself and your data, and if you have any questions, ask away!
Nick Arnott contributed to this article