Apple says it will fix an embarrassing security flaw on its new iOS 7 software which hackers showed can bypass the lockscreen and access personal data.
The flaw, discovered within hours of iOS 7 becoming publicly available, can be exploited on the iPhone 4S and 5 and gives access to personal data including email, photos, Twitter, Facebook and Flickr. It is exploited via the Control Center function, which is found by swiping up from the bottom of the screen. That offers access to the phone user’s alarms, a calculator, and the camera, as well as frequently-used settings such as Wi-Fi, Bluetooth and Airplane mode.
It appears not to work on the iPhone 5S and 5C.
From the alarms screen, a hacker can use a combination of button presses to access the multitasking manager, bypassing the lockscreen. That offers access to some user data including photos, email, Twitter, Facebook and Flickr accounts: an intruder can email or delete photos, send tweets, read and make Facebook posts and messages, and send text messages, though not read email.
SOURCE: theguardian.com
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.