We have seen several security flaws discovered in iOS in the past that let people bypass a user’s lock screen by using a convoluted sequence of taps and swipes. The good news is by the time enough people learn about these vulnerabilities for them to pose a serious threat, they’re often already addressed in an update from Apple. Since so many people update to the latest versions of Apple’s iOS software so quickly, threats are often minimized.
The bad news, however, is that each time one hole is plugged, a new one is discovered.
YouTube user EverythingApplePro on Monday posted a video that outlines a new security flaw in the latest versions of iOS 7.1 and iOS 7. Using a series of actions in certain circumstances, anyone can gain access to an application that was left open at the time an iPhone was locked.
The flaw bypasses the device’s Touch ID, PIN or passcode security completely. In order for the trick to work, the phone must have a missed call in Notification Center. If there is a missed call, a person need only wake the device, pull up the Control Center and enable airplane mode, then pull down the Notification Center and tap the missed call.
Provided an app was left open before the phone was locked, this trick with bypass security complete and reopen that app.
Depending on the app that was left open, this is a potentially serious security flaw that could easily compromise a user’s privacy and leave his or her data at risk.
A video showing how the trick works follows below.