Once again, Apple has left a security backdoor wide open in a new version of their mobile operating system. iOS 7 allows anyone with physical access to your iPhone to see your private photos and then share them online.
Got fancy new iOS 7 on that iPhone of yours? Beware. There's a super simple bug that can let anyone blow right by your lockscreen and look through your pictures, and even share them.
The process was discovered by Jose Rodriguez, and even though it has quite a few steps, it's super easy to master. Here's how it works:
- Swipe up on the locked phone to get to the control panel
- Open the stopwatch app
- Go over to alarm clock
- Hold the power button until you get the "Power down" prompt
- Hit the cancel button and immediately hit the home button twice, holding it down just a little longer on the second press. Like, buh-baah. It takes a try or two to get the hang of.
Then, bam, you're in the target's multitasking menu and can start goofing around. If you go to the camera app, you'll be treated to unrestricted access to the Photo Stream, and can share the pictures from there with email, Twitter, and more. It's pretty scary. This isn't the first time a bug like this has showed up in iOS either. Hopefully it's the last.
We were able to replicate the bug on an iPhone 4s and an iPhone 5, and Jose has shown it off working on an iPad as well. We can't tell for sure if it works on the iPhone 5S or 5C yet, but there's little reason to think it wouldn't.
We've reached out to Apple for comment, and there's no doubt they'll be issuing a fix in the near future. But in the meantime, just be aware that your photos aren't safe from prying eyes. The prying eyes of an up-to-date nerd, at least. [Jose Rodriguez via Forbes]
Update: You can fight this by turning off the Control Center access on the lockscreen. Just go to Settings, Control Center, and set Lockscreen Access to off. But man, lockscreen Control Center is awesome and it's on by default. So maybe just don't leave your phone with creeps?
Update 2: Apple has told AllThingsD:
Apple takes user security very seriously. We are aware of this issue, and will deliver a fix in a future software update.
Which is good. But also "duh."
Update 3: iOS 7.0.2 is floating around out there now, and it'll fix this exploit. Go pick it up.