iOS 7 lock screen bug allows full access to Photos app, contact info

New software comes with new features, but in the case of iOS 7, it also comes with new bugs. Forbes reports that a bug in the new Control Center feature can allow an attacker with physical access to your device full access to your Photos app even if you've protected your phone with a passcode. After following the steps to reproduce the bug, the attacker can open the Camera app from the multitasking window and then open the Photos app from there.

We were able to replicate this bug on an iPhone 4S, iPhone 5, fifth-generation iPod touch, and an iPad mini, so it seems likely that this affects all devices that can be upgraded to iOS 7. The vulnerability was discovered by Jose Rodriguez, who also uncovered a lock screen bug in iOS 6.1.3 (but not the earlier bug in version 6.1).

The bug doesn't allow an intruder to gain unfettered access to much—you can't open apps that can't be opened by Control Center, and even thumbnails of running apps in the multitasking list are totally blank. An attacker can't see what you were looking at the last time you had Safari or Mail open. However, access to the Share menu from the Photos app means that they can view your contacts, send out pictures via the Messages app, and send pictures via any e-mail or social media accounts you've configured. Stored e-mails, passwords, and other non-photo data does not appear to be accessible, and while you can see all of the icons on the device's Home screen, you can't actually launch any of them.

Read 1 remaining paragraphs | Comments