Settle into your seats for the Return of the Lock-Screen Bypass, Part XVII: The iOS 7-ing. Once again, someone's figured out a way to access data from your iPhone or iPad without entering your lock code. (You do have a lock code, don't you?) As for what makes this time different from all other times, it's the first instance of a bug of this type in Apple's newest OS.
The trick was discovered by Jose Rodriguez, who also discovered similar bugs in iOS 6. In this case, it requires using the new Control Center feature to get into the Clock app, and then uses a bit of fleet-fingered dexterity to bring up the multitasking interface. From there, you'll see images of the other apps you recently had open, though most will have blank screens (pictured above). The only ones that can actually be brought to the foreground are those that Control Center can open, including the Calculator, Clock, and Camera.
[ Security expert Roger A. Grimes offers a guided tour of the latest threats and explains what you can do to stop them in "Fight Today's Malware," InfoWorld's Shop Talk video. | Keep up with key security issues with InfoWorld's Security Adviser blog and Security Central newsletter. ]
Of them, the Camera app is the most worrying: Despite not having entered the PIN, somebody using this method can access all the pictures you've taken; they can also send such pictures to themselves via the Share pane, as well as see your contacts by trying to Message or email pictures. And as I confirmed myself, they can also post images to Twitter or Facebook.
Apple, for its part, has told multiple news outlets that it's aware of the bug, which it says will be fixed in a future release. Until then, if you're concerned about the bug, it's best to disable access to Control Center from your lock screen in Settings > Control Center.
Stay tuned for the next thrilling installment in the Lock-Screen Bypass series, sure to hit a tech news site near you soon.