Latest iOS 7 bug allows calls to be made from a locked iPhone

Lock screen by-pass uncovered

TODO alt text

Update: This problem appears to have been fixed in the new iOS 7.0.1 update, as tests have shown that the flaw cannot be replicated any more.

Original story below...

An iOS 7 user has discovered a worrying security flaw within the software, which enables calls to be made while the iPhone is locked.

The flaw can be exploited using the emergency call screen that can be accessed from the lock screen. Once the phone's keypad is open, any number can be dialled by repeatedly tapping the call button.

In a video shot by iPhone users Karam Daoud and passed onto Forbes, tapping the call button numberous times causes the screen to go black and the Apple logo to appear.

After that, the call to any number, including international and premium phone numbers is completed as if the phone were unlocked.

Any number, any time

"Once the black screen appeared, it was pretty clear that this is a bug," says Daoud from Ramallah in Palestinian. "You can dial a number anywhere, any time."

He also claims to have repeated the trick on older iPhones running older versions of iOS and enjoyed further success, so it appears the problem is not confined to iOS 7.

The bug is the second security flaw uncovered within iOS 7 since its release in midweek. The first lockscreen vulnerability allowed access to the device's photos and email. However, that required a much more complex combinations of presses and swipes.

Apple says it is working on a fix for the first issue, but is yet to comment on the more recent discovery.

Via Engadget