Screen Shot 2014-06-09 at 10.20.44 AM

Update 6/30: It appears iOS 7.1.2 has resolved the issue: A state management issue existed in the handling of the telephony state while in Airplane Mode. This issue was addressed through improved state management while in Airplane Mode.

A new lock screen bypass has been discovered in iOS 7 that allows anyone to skip the default authentication method. The shocking part about this bypass is that it can be done in under five seconds. This isn’t the first time that lock screen security on iOS has been compromised, but this does require very specific conditions in place in order to work.

It’s important to note that the method used here only provides access to any app that was running in the foreground before the device was locked. While it may not allow full access to an iOS 7 device, different levels of privacy can be breached depending on the app that’s running. We’ve tested and confirmed this method on iOS 7.0.6 and 7.1.1.

In order for the bypass to work, you’ll need to have a missed call in Notification Center and access to Control Center from the lock screen. First, launch any app and lock the device. Next, wake the device and pull up Control Center, put the device in airplane mode, pull down Notification Center, and tap on the missed call. That’s it. You should now have access to the app that was running in the foreground before locking the device.

YouTuber EverythingApplePro first discovered this bypass and has published a video demonstration:

As mentioned above, this won’t completely compromise your device, but depending on the app that was running, it could leave personal information exposed. If you’re concerned with this, the best temporary defense available is to disable Control Center access on the lock screen.

Obviously, this isn’t an acceptable/permanent solution, but it will put a stop to the above method until Apple pushes out an update to patch it. The good news is, we’ve also tested this on iOS 8 beta 1 and fortunately it does not apply. Though that doesn’t make much of a difference as iOS 8 is not scheduled for a public release until later this year.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

20 Responses to “New lock screen bypass discovered in iOS 7, allows access in 5 seconds under certain circumstances (Update: Resolved)”

  1. Jassi Sikand says:

    Well I guess Apple will have to have a 7.1.2 or a 7.2 (probably the former is it’s only a security update)

  2. Yes. Because you normally take a phone from someone this fast and the person didn’t close their Messages. Of course, because it’s completely normal to remember this step by step. Such a “huge” security hole.

    • jrox16 says:

      Well for a platform which very much champions the idea of uber strong security, this is a sad bug. I say this as a lover of Apple and the iPhone. Hopefully a 7.1.2 patch comes out quickly.

      • There is a distinction we make between theoretical security threat(those which never get exploited in real world scenes), and real ones, exploited in masses! This is not the 2nd group…a non-issue. I think android’s security issues from apps and permissions are greater problems

      • standardpull says:

        No, this is not a sad bug. A sad bug is a remote exploit that is easily pursued. With this bug you need physical access to the device, and you need to have the missed call condition and a “sensitive” app running. It isn’t easy to meet the conditions where it could cause damage.

        Now Heartbleed? That was a sad bug. Any jailbreak loophole is a sad bug. Or a failed cert check.

        This one isn’t very sad at all. It ranks as irrelevant compared to the others.

    • Indeed. It is absolutely not much of a threat, more like a little glitch with not much harm as phone access is still not possible by

  3. Marek says:

    Check this in the iOS 8 beta and its fixed in that. Weird then, I guess they know about it, have fixed it for 8, but haven’t got round to releasing a patch for 7 yet.

  4. My notification centre and control centre are both disabled on my lock screen. So this bypass thingy discovered by this guy (who’s so amazed that he’s the one who discovered it) can’t be applied on my phone. So I think, the solution for now (before they release an update) is to disable both ‘centres’ on the lock screen.

  5. Doesn’t work on iPhone 4S with iOS 7.1.1.

  6. milanesig says:

    iPhone 5S with iOS 7.1.1 ~ The only app you can have access to is the one I was running before locking the device.

    Did you try?

  7. jamesonvirus says:

    I’m using 7.0.4 and I’ve confirmed the breach. But hell! Are there any thieves who are that lucky?

  8. I have been asking for Request for Password on Shut down for years! and it is still not here, here in SA they steal your phone then switch it off and its gone, i cannot trace it in find my iPhone or find friends. but if they are not able to switch if off i can track them with the police. As for this little hack apparently, who leave the access on lock screen on in the first place, stupid! cause they can steal your phone then switch to airplane mode and you cannot trace your phone, its gone again. Oh well.

  9. A more specific mitigation:

    Settings/Notification Center/Phone: Disable Show on Lock Screen.

  10. Doesn’t work on my iPhone 5. I get the message about Airplane mode then it returns me to the lock screen

  11. Disable Control center on lock screen. Done.

  12. penska13 says:

    I tried this and it works. But, if you lock your phone on the home screen you can’t get to anything. I for one never locked my phone with an app up. So as long as you lock you phone with the home screen showing you have nothing to worry about. Or disable control center on lock screen and you’ll be fine too.

  13. here’s how to by pass ios 7.1.1 lock screen

  14. Tim Ragsdale says:

    I found another bypass to the lock screen. It’s a full bypass to the main menu of the phone. Hitting the lock screen button and the start button to take a screen shot will completely bypass the lock screen of the IPhone 5. It may take a few attempts, but it will eventually access the phone.