A LOCK screen flaw has been discovered on the iPhone that means anyone could potentially bypass Apples’s default security and gain access to any apps running in the foreground.
A YouTube user has posted a way of bypassing the need to enter a security code to gain access to any apps left in operation, claiming it can be done in just five seconds.
That means, for example, if the user was using the Amazon store app then potentially a third party could gain access to personal and banking details.
The flaw in the iOS 7 operating system only works in certain circumstances and does not grant full access to the phone’s data and settings, but it does give access to any opened apps that were still running when the phone was locked.
To use the flaw the phone must first have a missed call in the Notification Centre. If there is one, then all a hacker need do is wake the device, go to Control Centre, enable airplane mode and tap the missed call.
Hey presto – any apps running in the foreground will be accessible to the hacker. So far Apple has yet to comment, but it is thought likely that it will be patched in an update. Until that is done the safest way to avoid the problem is to disable Control Centre access on the lock screen.
It is not the first time that lock screen security on the iPhone has been hacked – within 72 hours of iOS7 being released a hack was discovered to easily bypass the lock by using its Siri voice control system and gaining access to the contacts book on a phone. Again it did not grant full access to the phone’s data and apps.
The EWN’s computer expert Trevor Spencer said: “This is a simple but clever manipulation of a system’s weakness. The simplest solution to prevent this kind of misuse is to ensure that your phone is secure. Put it deep in your pocket or in the zipped compartment of your bag and keep the bag with you.
“Using the same common sense that makes you look around and cover your hand before typing in your PIN at the cash machine, will prevent this kind of opportunistic attack. Apple will provide a patch to correct this in time but until they do: OPS (Observe, Protect, Secure).”