Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > News > Tech News > New phone bypass discovered in iOS 7.0.2 lockscreen

New phone bypass discovered in iOS 7.0.2 lockscreen
Thread Tools
NewsPoster
MacNN Staff
Join Date: Jul 2012
Status: Offline
Reply With Quote
Sep 30, 2013, 11:22 AM
 
A newly-documented technique lets people bypass the lockscreen in iOS 7.0.2 and dial any phone number, not just emergency numbers. The method involves waiting for a notification, or forcing one by sending a text message or ejecting the SIM card. Once the notification pops up, a hacker has to swipe right on it while simultaneously swiping up on the Camera icon. While keeping a finger on the Camera icon, a person must then slide to unlock and tap the Emergency Call button. After dialing, hitting the Call button quickly two or three times should crash Springboard, but allow the call to go through once Springboard restarts.

The v7.0.2 update was itself meant to resolve earlier lockscreen vulnerabilities. The person credited with discovering the new bug, Dany Lisiansky, notes that he also recently found a v7.0.2 vulnerability allowing someone to skip the lockscreen via Siri or Voice Control and access photos, emails, and messages. Apple has had a recurring problem with new versions of iOS enabling lockscreen bypasses, which it then has to quickly close.

( Last edited by NewsPoster; Sep 30, 2013 at 11:23 AM. )
     
sammaffei
Fresh-Faced Recruit
Join Date: Sep 2004
Status: Offline
Reply With Quote
Sep 30, 2013, 11:29 AM
 
Apple has determined that it would be cheaper just to fix Dany Lisiansky.
     
coffeetime
Grizzled Veteran
Join Date: Nov 2006
Status: Offline
Reply With Quote
Sep 30, 2013, 12:20 PM
 
Do these people have better thing to do like getting out of the house?
     
markbyrn
Fresh-Faced Recruit
Join Date: Sep 2013
Status: Offline
Reply With Quote
Sep 30, 2013, 12:22 PM
 
A more apt title would be, 'another ridiculously obscure bypass discovered'
     
apostle
Forum Regular
Join Date: Apr 2008
Status: Offline
Reply With Quote
Sep 30, 2013, 12:29 PM
 
Too much time on their hands.

http://www.foldmoney.com/
     
gprovida
Junior Member
Join Date: Feb 2006
Status: Offline
Reply With Quote
Sep 30, 2013, 01:10 PM
 
Sounds like whomever handles QA for Apple security and code development needs to be a whole lot more attentive to design and implementation.
     
mgpalma
Forum Regular
Join Date: Sep 2000
Location: OR, USA
Status: Offline
Reply With Quote
Sep 30, 2013, 01:48 PM
 
While making the vulnerability known to Apple so they can fix it makes sense, it ticks me off that everyone has to publish the bloody method thereby putting everyone more at risk. So instead of being unknown to most, yo now put the method in the hands of the casual crook. Really nice, media. Thanks for nothing.
-
Michael
     
bleee
Mac Enthusiast
Join Date: Mar 2002
Location: Toronto, Canada
Status: Offline
Reply With Quote
Sep 30, 2013, 02:23 PM
 
Given enough time, anyone can pick a lock.
2.66Ghz Mac Pro 2GM Ram 160Gig HD Ati X1900XT, 24" Dell 2407WFP
13.3" Mac Book Core Duo 2GIG Ram 80Gig HD
12" PowerBook 1.5Ghz 1.25GB Ram 60Gig HD
12" iBook 600Mhz (Late 2001) 640MB Ram 30Gig HD
     
qazwart
Junior Member
Join Date: Apr 2001
Location: Edison, NJ 08817
Status: Offline
Reply With Quote
Sep 30, 2013, 03:00 PM
 
The 7.0.2 iOS patch was released yesterday, and the security hole was discovered. Why didn't Apple discover this in their QA testing?

These may be obscure, but once discovered, they quickly spread. There are thousands of people employed by various nefarious organizations banging away in order to discover any security hole that can be exploited.

Maybe Apple should hire these guys to show their QA team how to test security patches.
--
     
nowayoutofmymind
Fresh-Faced Recruit
Join Date: Jun 2007
Status: Offline
Reply With Quote
Sep 30, 2013, 04:53 PM
 
Apple definitely screwed up security many times. They better spend their time doing thorough testing of the security features, instead of redrawing all icons with ugly colors. I cannot understand how such simple steps can bypass a so called security measure. This does not say nice things about the code design group behind those features.
     
Arne_Saknussemm
Forum Regular
Join Date: Apr 2011
Status: Offline
Reply With Quote
Sep 30, 2013, 09:59 PM
 
yep... Apple is crumbling
     
reader50
Administrator
Join Date: Jun 2000
Location: California
Status: Offline
Reply With Quote
Sep 30, 2013, 11:20 PM
 
New policy suggestion for Apple. Anyone who finds a security bug gets hired for at least one year. Tech companies used to make job offers to anyone who was able to hack them.

It's not like with Windows, where the bug reports are endless. OS X / iOS are well designed to begin with. After a few years of bug reports and new hires, nearly all security bugs will have been found. And the hiring will defuse most of the bad press.
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Sep 30, 2013, 11:28 PM
 
Originally Posted by coffeetime View Post
Do these people have better thing to do like getting out of the house?

I still don't get what's up with these sort of remarks. We should be grateful that these people are finding these flaws.
     
besson3c
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Sep 30, 2013, 11:31 PM
 
Originally Posted by Arne_Saknussemm View Post
yep... Apple is crumbling
The only thing I understand less than the above is remarks like this and the sentiment behind them, and my lack of understanding has nothing to do with my assessment on Apple's strength as a company.

Why write this? Maybe explaining this will help me understand better...
     
mp1963
Fresh-Faced Recruit
Join Date: Jun 2010
Status: Offline
Reply With Quote
Oct 1, 2013, 01:45 AM
 
I would not call this a "flaw" .. you have to be both deranged and a contortionist to come up with this kind of rubbish.. but if it keeps these sort of people off the streets well ...
     
TheMacMan
Fresh-Faced Recruit
Join Date: Aug 2006
Status: Offline
Reply With Quote
Oct 1, 2013, 01:58 AM
 
There is an easier way. From the lock screen just press and hold the home button until Siri comes on and tell it to dial. Why go through all that non-sense
     
   
Thread Tools
 
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Top
Privacy Policy
All times are GMT -4. The time now is 06:36 AM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,