A new iOS 7.1.1 iPhone Lock screen bypass has been discovered. Lock screen bypasses in and of themselves aren't new — trying to protect a phone while also allowing access to convenient features results in an incredible tension — but this one can provide access to an app, which makes it one of the most serious to date. It does require physical access to your iPhone, but if you do lose possession, here's how the bypass works and, more importantly, how you can protect yourself from it.
Note: iMore tested the exploit and its scope before reporting on it. We were able to duplicate it but also get a sense of its ramifications and limitations.
First, in order to get around the passcode lock, this bypass requires that the iPhone be placed into Airplane mode, and that a missed phone call notification be present. When those conditions are met, tapping or swiping the missed call notification will cause a Settings popup to appear on top of whatever app was last active (in the foreground) on the iPhone prior to it being locked. Dismiss the popup and you have access to the app. Just that one app, mind you. Clicking the Home button will take you back to the Lock screen and the passcode, not the Home screen, so the exposure is limited. Depending on which app was last active, however, your privacy and security can be compromised.
Apple will no doubt patch this exploit as soon as they can. In the meantime, how can you protect against it?
- Disable Control Center from the Lock screen. (I keep this disabled permanently; I never want someone to be able to put my phone in Airplane mode without the Passcode or Touch ID.)
What if, for some reason, you don't want to disable Control Center?
Or, more specifically:
If even that is too much for you:
- Make sure you never leave your iPhone in Airplane mode and always go to the Home screen before locking your iPhone.
If the Home screen (SpringBoard) is the last thing in the foreground, the exploit simply doesn't work.
Usually Lock screen bypasses are limited to system apps whose contents are left unlocked to support certain convenience-based features from the Lock screen. For example, it makes sense that Lock screen bypasses in the past gave an attacker access to Contacts, because you can receive calls while on the Lock screen, and caller information is shown. In this case it's unclear why the contents of the last foregrounded app are unencrypted.
Again, Apple's security team is top notch and they're usually quick to patch exploits, so until they do, make sure you take steps to protect yourself and your data, and if you have any questions, ask away!
Nick Arnott contributed to this article