Update 6/30: It appears iOS 7.1.2 has resolved the issue: A state management issue existed in the handling of the telephony state while in Airplane Mode. This issue was addressed through improved state management while in Airplane Mode.
A new lock screen bypass has been discovered in iOS 7 that allows anyone to skip the default authentication method. The shocking part about this bypass is that it can be done in under five seconds. This isn’t the first time that lock screen security on iOS has been compromised, but this does require very specific conditions in place in order to work.
It’s important to note that the method used here only provides access to any app that was running in the foreground before the device was locked. While it may not allow full access to an iOS 7 device, different levels of privacy can be breached depending on the app that’s running. We’ve tested and confirmed this method on iOS 7.0.6 and 7.1.1.
In order for the bypass to work, you’ll need to have a missed call in Notification Center and access to Control Center from the lock screen. First, launch any app and lock the device. Next, wake the device and pull up Control Center, put the device in airplane mode, pull down Notification Center, and tap on the missed call. That’s it. You should now have access to the app that was running in the foreground before locking the device.
YouTuber EverythingApplePro first discovered this bypass and has published a video demonstration:
As mentioned above, this won’t completely compromise your device, but depending on the app that was running, it could leave personal information exposed. If you’re concerned with this, the best temporary defense available is to disable Control Center access on the lock screen.
Obviously, this isn’t an acceptable/permanent solution, but it will put a stop to the above method until Apple pushes out an update to patch it. The good news is, we’ve also tested this on iOS 8 beta 1 and fortunately it does not apply. Though that doesn’t make much of a difference as iOS 8 is not scheduled for a public release until later this year.
FTC: We use income earning auto affiliate links. More.