New iOS 7 bug lets anyone make a call from your locked iPhone [VIDEO]

Emergency callApple has already been embarrassed in the last few days with one unpatched bug in iOS 7.0, which allows unauthorised users to bypass the lock screen and gain direct access to your private photos and some apps.

But now another unpleasant bug has been found, which lets anyone make a phone call from your locked iPhone running iOS 7.0.

As Forbes reports, it is possible to fairly easily exploit a vulnerability in iOS 7.0's emergency call function to call *any* phone number.

27-year-old Karam Daoud, a Palestinian living in the West Bank city of Ramallah, demonstrates the flaw in action in the following video:

I tried Daoud's technique for myself on an iPhone 5 - and sure enough, it works.

Here's how you do it for yourself.

  • First get your hands on a locked iPhone running iOS 7.0
  • Rather than try to enter a PIN code, press the "Emergency" button as if you were going to call the Police.
  • Enter any number which you wish to call, and rapidly tap the call button. After a second or two, the screen will go black and an Apple logo appears. Your phone will dial the number.

If that all sounds a little complicated, it isn't. But here's a highly scientific diagram I have put together for the benefit of Apple's developers with the help of some crayons.

How to call on a locked iPhone

In short, you may think your phone is locked - but anyone can make a call from it if they wish. And the call can be to premium rate and international numbers, of course. All being made at your expense.

It's easy to imagine how pranksters might exploit such a feature, so make sure to keep your iPhone running iOS 7.0 safe and close until Apple fixes this bug.

Maybe they should have spent a little more time ensuring that security holes and bugs like this didn't exist, rather than messing about adding bells and whistles...

Tags: , , , , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , , , , ,

2 Responses

  1. Larry Teh

    September 22, 2013 at 3:12 am #

    I have regretfully installed the IOS7.0 and found my contacts list have been butchered! Many important contact names were lost!
    The interface is so inferior – that I wish I did not update. Can anyone advise how to go back to IOS 5?

    • Bill Thompson in reply to Larry Teh.

      September 26, 2013 at 10:42 pm #

      If you backed up your iPhone before you upgraded then you
      should be able to rollback back but are you sure you really want to
      do that? There is more to it than the way it looks; IOS5 is
      probably two years old now and most apps are made for IOS6/IOS7
      now…

Leave a Reply