It looks like iOS 7 already has its fair share of security holes, with more being brought to light as users and security experts start tinkering with it.
After the discovery of a Control Center vulnerability that allowed intruders to gain access to the Photos app and to the user's Messages, Mail, Twitter, Facebook and Flickr accounts via the sharing menu, bypassing the passcode completely, a new security hole that allows anyone to make calls even from a passcode-locked iPhone has been discovered by Karam Daoud.
The flaw was first reported by Forbes. Daoud posted a video that shows him trying to dial a number through a passcode-locked iPhone's Emergency number dialler screen. The screen allows users to dial select emergency service numbers and rejects other, unassigned numbers. However, as per the video, after many failed attempts, Daoud was able to make a call to the number, though the screen went black and displayed an Apple logo.
We tried to reproduce the hack on an iPhone 5 running iOS 7, and were able to see the same black screen and Apple logo after repeated attempts to dial a number, but the phone did not dial the number (the other party didn't get a call).
Daoud claims that he has already got in touch with Apple's security team and briefed them on the security flaw. He said Apple requested more information and a video, and then thanked him and mentioned that the bug would be fixed in an upcoming software update.
The previous Control Center vulnerability raised eyebrows about iOS 7's security. All that someone needs to do is fire up the Control Center by swiping up from the bottom of the iPhone's lock screen and open the Camera app. Since the phone is locked, the intruders would not be able to see anything when they open the Photos app through it. However, they can then launch the Clock app from the Control Center and hold the iPhone's power/screen lock button till they see the Slide to power off button at the top and the Cancel button at the bottom. The intruders then simply need to tap on the Cancel button and quickly press the iPhone's Home button twice to fire up the multitasking menu, where the Camera app would appear (the other open apps would also appear but won't be accessible).
The intruders would be able to access the Photos app through the Camera app and get access to the user's Messages, Mail, Twitter, Facebook and Flickr accounts via the sharing menu.
While the Control Center hack is very easy to prevent, as doing so only requires disabling the Control Center's lock screen access, this latest Emergency services hack cannot be prevented at the user's end, and would require Apple to push out a security update that fixes it, as promised.