A second iOS 7 Lockscreen vulnerability concerns Apple users

A second iOS 7 Lockscreen vulnerability has been found a few days the first one was fixed by Apple. This time attackers can makes call from a locked iPhone.

A new iOS 7 Lockscreen vulnerability has been discovered, the flow allows attackers with physical access to the phone to make calls, including international calls and calls to premium numbers, from a locked iPhone.

The discovery arrived just a few days after that a previous iOS 7 lockscreen vulnerability has been fixed by Apple, the previous flaw alerted Apple community because it allows anyone to bypass the lock screen to access users’ personal data including images and social media account.

The new iOS 7 Lockscreen vulnerability was discovered by Karam Daoud, a 27 year old from the West Bank city of Ramallah in Palestine. The flaw allows attackers. Daoud reported the bug to Apple that announced a fix in the next software update.

The Hacker News portal reported a video in which Karam Daoud shows how to exploit the iOS 7 Lockscreen vulnerability to make calls when the devices is locked and allows only emergency calls.

The video is eloquent, the attacker just needs to dial a number and then rapidly tap the call button until the device proposes a black screen with an Apple logo in the center while the iPhone makes the call to the number dialed.

This is the second iOS 7 Lockscreen vulnerability discovered in a few days and for Apple users accustomed to the high quality of their product it is a surprise. Personally I’m very puzzled by bag just found, it practically seems that lockscreen feature simply hasn’t stressed enough before the release of the product. I also add that on various forums and newspapers many users are submitting numerous bugs that affect the new version of the popular OS … Fortunately Apple is very careful with the security of its customer and will fix all asap.

Pierluigi Paganini

(Security Affairs – Apple, iOS 7 Lockscreen vulnerability, hacking)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.