iOS 7 Beta Vulnerable to Screen-Lock Bypass

2013-06-13T11:31:55
ID THREATPOST:D5BDA090F3721CE3631A3DF1E5B1DBE3
Type threatpost
Reporter Brian Donohue
Modified 2013-06-13T16:26:56

Description

An iPhone user in Spain who downloaded the beta version of Apple iOS 7, which was made available Monday, was able to bypass its screen-lock security feature.

The revamped mobile operating system was unveiled by the Cupertino, California, technology giant last week at its annual Worldwide Developers Conference in San Francisco. iOS 7 is slated for release sometime in the fall of this year, but the beta has been available all week.

After bypassing the lock screen, Jose Rodriguez recorded a video demonstrating an exploit in which he gains partial access to the phone without having to enter the screen-lock password. He then sent the video to Forbes reporter Andy Greenberg. Greenberg and Forbes video producer Jonathan Hall reproduced the exploit and posted their video demo online.

From the video, it appears that the new platform lets users access a wider array of features from the lock screen than previous versions did. One of those features is the device’s calculator, which can be accessed through an up-swipe menu while the device is still locked. In the demo, Hall accesses the calculator, then runs his finger up the screen to bring the up-swipe menu back. He then accesses the phone’s camera as if to take a picture, which is possible in previous iOS versions. However, unlike in previous versions, he can now access all of the photos as well. Once he has access to the individual photos, he can scroll back to the full camera roll and, according to Greenberg, access, delete, email, upload or tweet the device’s photos without knowing its passcode.

This isn’t the first time Apple has dealt with iPhone lock-screen bypass issues. In February, we wrote about a flaw in iOS 6.1 that could be exploited to bypass the screen-lock feature and access the device’s phone feature, view and edit contacts, check voicemail and look through photos. All a user needed to do was make an emergency call, cancel the call, and then trick the device into thinking it’s been turned off by holding the lock button twice. Later in the same month, researchers found a kernel glitch in the same version of iOS that could also be exploited to bypass the lock screen.

The new operating system offers a substantial redesign with at least two interesting security features. The first is called Activation Lock, and its intent is to guard lost and stolen devices against factory resets. Apple’s iOS 5 introduced iCloud, and a feature called Find My iPhone became part of the default iOS installation. It allows users to track down the GPS location of missing devices through iCloud and perform various functions, like locking a device, remotely wiping it, or causing it to ring and display a customized message.

Problematically, thieves often perform a factory reset on stolen devices (unless they are trying to mine the devices for data), rendering the Find My iPhone feature useless. In iOS 7, however, performing a factory reset is only possible after a user enters their Apple ID and password. The other feature is a sort of password manager called iCloud Keychain, which allows users to store (with 256-bit AES encryption) and sync passwords and credit card numbers between their various iDevices.

Screenshot from Forbes video.