Skip to main content

New lock screen bypass discovered in iOS 7, allows access in 5 seconds under certain circumstances (Update: Resolved)

Screen Shot 2014-06-09 at 10.20.44 AM

Update 6/30: It appears iOS 7.1.2 has resolved the issue: A state management issue existed in the handling of the telephony state while in Airplane Mode. This issue was addressed through improved state management while in Airplane Mode.

A new lock screen bypass has been discovered in iOS 7 that allows anyone to skip the default authentication method. The shocking part about this bypass is that it can be done in under five seconds. This isn’t the first time that lock screen security on iOS has been compromised, but this does require very specific conditions in place in order to work.

It’s important to note that the method used here only provides access to any app that was running in the foreground before the device was locked. While it may not allow full access to an iOS 7 device, different levels of privacy can be breached depending on the app that’s running. We’ve tested and confirmed this method on iOS 7.0.6 and 7.1.1.

In order for the bypass to work, you’ll need to have a missed call in Notification Center and access to Control Center from the lock screen. First, launch any app and lock the device. Next, wake the device and pull up Control Center, put the device in airplane mode, pull down Notification Center, and tap on the missed call. That’s it. You should now have access to the app that was running in the foreground before locking the device.

YouTuber EverythingApplePro first discovered this bypass and has published a video demonstration:

[youtube=http://www.youtube.com/watch?v=Hg9Vy7XzGZY]

As mentioned above, this won’t completely compromise your device, but depending on the app that was running, it could leave personal information exposed. If you’re concerned with this, the best temporary defense available is to disable Control Center access on the lock screen.

Obviously, this isn’t an acceptable/permanent solution, but it will put a stop to the above method until Apple pushes out an update to patch it. The good news is, we’ve also tested this on iOS 8 beta 1 and fortunately it does not apply. Though that doesn’t make much of a difference as iOS 8 is not scheduled for a public release until later this year.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

  1. Jassi Sikand - 10 years ago

    Well I guess Apple will have to have a 7.1.2 or a 7.2 (probably the former is it’s only a security update)

  2. Yes. Because you normally take a phone from someone this fast and the person didn’t close their Messages. Of course, because it’s completely normal to remember this step by step. Such a “huge” security hole.

    • jrox16 - 10 years ago

      Well for a platform which very much champions the idea of uber strong security, this is a sad bug. I say this as a lover of Apple and the iPhone. Hopefully a 7.1.2 patch comes out quickly.

      • robertvarga79 - 10 years ago

        There is a distinction we make between theoretical security threat(those which never get exploited in real world scenes), and real ones, exploited in masses! This is not the 2nd group…a non-issue. I think android’s security issues from apps and permissions are greater problems

      • standardpull - 10 years ago

        No, this is not a sad bug. A sad bug is a remote exploit that is easily pursued. With this bug you need physical access to the device, and you need to have the missed call condition and a “sensitive” app running. It isn’t easy to meet the conditions where it could cause damage.

        Now Heartbleed? That was a sad bug. Any jailbreak loophole is a sad bug. Or a failed cert check.

        This one isn’t very sad at all. It ranks as irrelevant compared to the others.

    • robertvarga79 - 10 years ago

      Indeed. It is absolutely not much of a threat, more like a little glitch with not much harm as phone access is still not possible by

  3. Marek - 10 years ago

    Check this in the iOS 8 beta and its fixed in that. Weird then, I guess they know about it, have fixed it for 8, but haven’t got round to releasing a patch for 7 yet.

  4. Lee Palisoc (@leepalisoc) - 10 years ago

    My notification centre and control centre are both disabled on my lock screen. So this bypass thingy discovered by this guy (who’s so amazed that he’s the one who discovered it) can’t be applied on my phone. So I think, the solution for now (before they release an update) is to disable both ‘centres’ on the lock screen.

  5. Siva Venkatesh - 10 years ago

    working in 7.0.4!

  6. Doesn’t work on iPhone 4S with iOS 7.1.1.

  7. milanesig - 10 years ago

    iPhone 5S with iOS 7.1.1 ~ The only app you can have access to is the one I was running before locking the device.

    Did you try?

  8. jamesonvirus - 10 years ago

    I’m using 7.0.4 and I’ve confirmed the breach. But hell! Are there any thieves who are that lucky?

  9. I have been asking for Request for Password on Shut down for years! and it is still not here, here in SA they steal your phone then switch it off and its gone, i cannot trace it in find my iPhone or find friends. but if they are not able to switch if off i can track them with the police. As for this little hack apparently, who leave the access on lock screen on in the first place, stupid! cause they can steal your phone then switch to airplane mode and you cannot trace your phone, its gone again. Oh well.

  10. A more specific mitigation:

    Settings/Notification Center/Phone: Disable Show on Lock Screen.

  11. Doesn’t work on my iPhone 5. I get the message about Airplane mode then it returns me to the lock screen

  12. wileryd (@wileryd) - 10 years ago

    Disable Control center on lock screen. Done.

  13. penska13 - 10 years ago

    I tried this and it works. But, if you lock your phone on the home screen you can’t get to anything. I for one never locked my phone with an app up. So as long as you lock you phone with the home screen showing you have nothing to worry about. Or disable control center on lock screen and you’ll be fine too.

  14. here’s how to by pass ios 7.1.1 lock screen
    https://www.youtube.com/watch?v=FEql_QO22jY

  15. Tim Ragsdale - 10 years ago

    I found another bypass to the lock screen. It’s a full bypass to the main menu of the phone. Hitting the lock screen button and the start button to take a screen shot will completely bypass the lock screen of the IPhone 5. It may take a few attempts, but it will eventually access the phone.

  16. Cawker Juan - 9 years ago

    If it does work somehow can it damage the phone?