Apple’s new iPhones have received favourable reactions from both critics and the public, but security flaws have already been found in the new devices less than 24 hours after their launch.
One bug allows individuals to bypass the lockscreen on iPads and iPhones running iOS 7 (the latest version of Apple’s mobile operating system) by taking advantage of a new feature called Control Center.
This allows users to swipe up from the bottom of the screen at any time to provide quick access to basic settings and commonly used apps. Unfortunately, it can also be accessed from the lockscreen , leading to this vulnerability.
Even when the phone has been protected with a passcode, the control center can be accessed from the lockscreen. Clicking on the alarm clock and then ordering the phone to shut down by holding down on the lock button provides a brief moment when you can double tap the home button and move to the phone’s multitasking view.
From there the camera’s camera and photos can be accessed, as well as certain features related to connected social accounts – eg Facebook and Twitter. The video below shows the method in action, as recorded by the 36-year-old Jose Rodriguez, the man who discovered the flaw.
Users can resolve this potential exploit by turning off the option to have the control center accessible from the lockscreen .This can be done by going to the iPhone’s setting, then selecting the menu titled ‘control center’.
A separate bug involves exploiting the advanced functionality offered by Siri, the phone’s personal assistant, by the software update. Users can access Siri from screenlock and instruct it to turn on Airplane mode – disabling the phone’s location tracking services.
This flaw has attracted special attention as its been argued that it effectively negates Apple’s ‘Find My iPhone’ feature - a service that allows users to remotely turn on GPS tracking on their handset if its lost or stolen. However, this sort of tracking can also be foiled by thieves who simply turn off the iPhone and does not represent a failing of the ‘Find My iPhone’ feature itself.
Apple claims that that latest version of their mobile operating system, iOS 7, patched 80 separate security vulnerabilities including a bug from iOS 6.1 that – like this pair of exploits – also bypassed the lock screen.
A spokesperson from Apple told Forbes that the company “takes security very seriously and we’re aware of this issue. We’ll deliver a fix in a future software update.”
As well as these relatively minor bugs, hackers have also launched a campaign to crack Touch ID - the fingerprint sensor in Apple's new iPhone 5s. A reward for the first successful exploit has been crowdsourced from the community, with the current pot standing at more than $15,000 dollars, several bottles of alcohol and "a dirty sex book".