Another iOS 7 lockscreen bypass has surfaced.
This one lets you make calls anywhere in the world for free.
OK, not really “for free.”
You may not have to pay, but someone does, and that person is the owner, who probably assumed that the “lock” on the phone actually did – how can I put this without sounding tautological? – lock the phone part of the phone.
A keen iOS 7 early adopter from Ramallah in the West Bank, Karam Daoud, now apparently a business development guy but who worked in bug testing in the mobile space in a previous life, found the flaw.
By all accounts, it is reliably exploitable.
Unlike the first widely-publicised lockscreen bypass, there isn’t an easy workaround for this one.
The previous one was the “all your photos are belong to a social network whether you wanted it or not” flaw we wrote about last week.
That one can be worked around by removing access to Control Center from the lockscreen.
The new flaw involves telling the lockscreen you want to make an emergency call, which is an option that, understandably, can’t be turned off. (You can even make emergency calls without a SIM card, let alone with the phone locked – and that really is a feature, not a bug.)
Then you simply dial the number you want – the emergency call interface apparently doesn’t limit what you can dial, merely where you can connect after doing so.
Instead of just pressing [Call], however, you apply bug-finder’s dexterity and press [Call] repeatedly and rapidly.
It seems that if you are insistent enough, and get the cadence of your clicks just right, iOS gives in and connects you to the number anyway.
→ An earlier iOS lockscreen hole involved actually placing emergency calls and then hanging up, hopefully before they went through. We strongly urged you not to try that exploit, even on your own device, as we considered it a rotten, and very likely illegal, thing to do. Here, you use the emergency call screen merely to get the option to dial, but no emergency call is made.
In other news, there’s already been an iOS 7 update, taking superearly adopters to 7.0.1.
But that update doesn’t appear to be a response to either of the lockscreen bugs.
Instead, reports Ars Technica, it’s a fix for the fact that:
...the fingerprint scanner's ability to enable iTunes purchases didn't quite work correctly — the iPhone 5S would prompt for a password instead of simply accepting the fingerprint.
So, there’s a bug fix to improve your ability to spend money easily in Apple’s cloud.
Let’s hope there’s another bug fix really quickly that removes the ability for other people to spend your money easily on the mobile network, and to share your private photos with the world.
In the meantime:
- Consider removing the Control Center from the lockscreen to prevent the “photo sharing” lockscreen hole. (See image above.)
- Be wary whom you hand your new iPhone to “so they can have a look-see.”
- If your phone gets lost or stolen, use a mobile control application or contact your service provider to have it locked out of the network as soon as you can.
- Consider sticking with iOS 6.1.3 for the time being, since iOS 7 is much more about new features than security fixes.
But the first of those bugs doesn’t seem to be exploitable for remote code execution; and the second is easily avoided simply by charging your device yourself from a known-good charger or PC.