An apparent flaw in Apple’s new operating system for its mobile devices allows anyone to access a user’s contact information and social media accounts without entering the security code to unlock the device.
According to ZDNet, the exploit, which has now been widely reported, was first discovered by a soldier based in the Canary Islands, who posted a YouTube video detailing the vulnerability on Thursday, Sept. 17. That video details the steps to bypass the lockscreen, as described in a post on Forbes.com:
[A]nyone can exploit the bug by swiping up on the lockscreen to access the phone’s ‘control center,’ and then opening the alarm clock. Holding the phone’s sleep button brings up the option to power it off with a swipe. Instead, the intruder can tap ‘cancel’ and double click the home button to enter the phone’s multitasking screen. That offers access to its camera and stored photos, along with the ability to share those photos from the user’s accounts, essentially allowing anyone who grabs the phone to hijack the user’s email, Twitter, or Flickr account.
The breach is far-reaching: the steps described above offer unfettered access to a user’s photos and to the sharing functions for those photos. That includes access to social media accounts and emails. And selecting the option to send a photo by iMessage also allows complete access to a user’s contacts, and all information stored therein.
Apple has reportedly acknowledged the mistake and pledged to rectify it in a later software update.
Until this gap is patched, users can prevent this from happening to them by disabling access to the Control Center on the lock screen. Go to Settings, then Control Center, then switch off the Access on Lock Screen option so that Control Center does not display on the lock screen.
It’s almost expected that new operating platforms on computers and mobile devices alike will have bugs when they first roll out, and Apple is no stranger to controversies surrounding such hiccups. When iOS 6 was rolled out last year, the company scrapped its existing onboard Google Maps app and replaced it with a half-baked navigation tool of its own, Apple Maps, that routinely couldn’t find destinations, gave inaccurate directions (which led to a handful of life-threatening situations) and incorrectly located users with its GPS function. In a rare admission of error, the company publicly acknowledged that app’s flaws and eventually fired its designer.
In addition to being a gigantic security failure, the iOS 7 flaw is an embarrassing gaffe for Apple, which has high hopes for its first major operating system overhaul since founder Steve Jobs died in 2011.