iOS 7.0.2 bug lets anyone bypass Lock screen passcode to access Phone app?

By Gautam Prabhu

Published 27 Sep 2013

Yesterday, Apple released the iOS 7.0.2 software update to fix the lock screen passcode bug.

The vulnerability allowed anyone to bypass the Lock screen passcode and access sensitive information stored in photos, Twitter, email and more.

It looks like Apple hasn’t fixed all the bugs, as YouTube user Dany Lisiansky has discovered another lock screen vulnerability.

He has provided the following instructions on how to reproduce the bug:

1. Make a phone call (with Siri / Voice Control).
2. Click the FaceTime button.
3. When the FaceTime App appears, click the Sleep button.
4. Unlock the iPhone.
5. Answer and End the FaceTime call at the other end.
6. Wait a few seconds.
7. Done. You are now in the phone app.

Here’s the video where he demonstrates the vulnerability:


Unlike the previous lock screen bug that was fixed in iOS 7.0.2, this lets anyone bypass the lock screen passcode to access just the Phone app, so it is not as serious as the previous one. We couldn’t reproduce the bug as the FaceTime button was greyed out for us, so I am not sure what the difference in setup is. This does not apply if you have Siri disabled on the Lock screen.

Frankly, I am not too concerned about these lock screen bugs, but I think Apple needs to do a much better job of fixing these vulnerabilities as it is getting quite embarrassing, especially since it looks like finding lock screen bugs is the newest hobby for people with an iOS device.

Let me know what you think in the comments and if you’re able to reproduce the bug.

Thanks Alan for the tip!