Just when you thought your iOS Device’s precious data was safe when Apple released iOS 7.0.2… think again. A new lockscreen vulnerability has just been discovered that allows anyone to access the Phone app by doing a complex series of taps. I honestly don’t know how these people end up finding these vulnerabilities, but it looks like Apple will soon be releasing iOS 7.0.3 because this is indeed legit.
The individual responsible for this particular lockscreen vulnerability is Dany Lisiansky. He has posted a YouTube video of how it works and it is a lot more complex than the previous one, but still a threat.
Essentially this particular vulnerability takes advantage of Siri on the lockscreen to gain advantage to the Phone app. Nothing else can be accessed besides the Phone app, but of course from it you can access contact information, place calls and send text messages. As such Apple’s security team can’t be happy.
The steps for reproducing the vulnerability are as follows:
- Make a phone call (with Siri / Voice Control).
- Click the FaceTime button.
- When the FaceTime App appears, click the Sleep button.
- Unlock the iPhone.
- Answer and End the FaceTime call at the other end.
- Wait a few seconds.
- Done. You are now in the phone app.
There is of course a simple solution to those worried about people exploiting this and that is to simply disabling Siri from the Lockscreen.