iOS 7 Bug Lets Users Bypass Passcode Protection

A potentially nasty security vulnerability has been uncovered in iOS 7, which could allow an unauthenticated user to play with emails, social networks and photos on an Apple device running the recently-released operating system.

All the hack requires is for a user to pick up an iPhone or iPad running iOS 7, swipe up to access the control centre and open the alarm clock. Then hold down the power button, but do not power off. Instead tap cancel and double click the home button to access the multitasking screen. From there, it is possible to access photos.

It appears the latter stage of the hack needs to be carried out fairly quickly.

Hacking iOS 7 devices

The video below from Jose Rodriguez, who uncovered the flaw, shows how to bypass the iOS passcode protection:

According to Forbes, Apple is working on a fix. The most-recent iOS 7 update already covered a slew of vulnerabilities, with 41 updates.

iOS 7 has faced much scrutiny from the security community. A crowdfunded bounty was offered earlier this week to the first person who can show how they hacked the Touch ID login system, using just a fingerprint taken from another surface, like a beer glass. Thousands of dollars are already on offer.

Meanwhile, researchers are planning on revealing research that would show weaknesses in iMessage. Apple had previously claimed it was using end-to-end encryption on iMessage, so only the sender and receiver would be able to read messages. It said the company could not decrypt the data.

The weakness resides in the protocol itself, according to researchers from Quarkslab, who are due to present their full findings at the Hack In The Box conference in Asia next month.

What do you know about Internet security? Find out with our quiz!