A new iOS 7.1.1 iPhone Lock screen bypass has been discovered. Lock screen bypasses in and of themselves aren't new — trying to protect a phone while also allowing access to convenient features results in an incredible tension — but this one can provide access to an app, which makes it one of the most serious to date. It does require physical access to your iPhone, but if you do lose possession, here's how the bypass works and, more importantly, how you can protect yourself from it.
Note: iMore tested the exploit and its scope before reporting on it. We were able to duplicate it and also get a sense of its ramifications and limitations.
First, in order to get around the passcode lock, this bypass requires that the iPhone be placed into Airplane mode, and that a missed phone call notification be present. When those conditions are met, tapping or swiping the missed call notification will cause a Settings popup to appear on top of whatever app was last active (in the foreground) on the iPhone prior to it being locked. Dismiss the popup and you have access to the app. Just that one app, mind you. Clicking the Home button will take you back to the Lock screen and the passcode, not the Home screen, so the exposure is limited. Depending on what that last app was, however, your privacy and security can be compromised.
Apple will no doubt patch this exploit as soon as they can. In the meantime, how can you protect against it?
- Disable Control Center from the Lock screen. (I keep this disabled permanently; I never want someone to be able to put my phone in Airplane mode without the Passcode or Touch ID.)
What if, for some reason, you don't want to disable Control Center?
Or, more specifically:
If even that is too much for you:
- Make sure you never leave your iPhone in Airplane mode and always go to the Home screen before locking your iPhone.
If the Home screen (SpringBoard) is the last thing in the foreground, the exploit simply doesn't work.
Usually, Lock screen bypasses are limited to system apps whose contents are left unlocked to support certain convenience-based features from the Lock screen. For example, it makes sense that Lock screen bypasses in the past gave an attacker access to Contacts, because you can receive calls while on the Lock screen, and caller information is shown. In this case it's unclear why the contents of the last foregrounded app are unencrypted.
Again, Apple's security team is top notch and they're usually quick to patch exploits, so until they do, make sure you take steps to protect yourself and your data. If you have any questions, ask away!
Nick Arnott contributed to this article