Security researchers have discovered yet another bug in Apple’s (NASDAQ:AAPL) iOS 7. Germany-based Security Research Labs, or SRL, claims it has found a way to circumvent Apple’s Find My iPhone application, which enables users to remotely wipe their lost or stolen iPhones via its connection to iCloud, reports Reuters.
According to the security research firm, an iPhone thief can block the owner’s access to the device through iCloud simply by putting it in “airplane” mode. This prevents the iPhone from being detected by the Find My iPhone application.
Next, the SRL researchers created a fake fingerprint in order to bypass the Touch ID authentication system by using a method similar to the one that was successfully used by Germany’s Chaos Computer Club. Several days after the iPhone 5S was released, the Chaos Computer Club was able to hack the iPhone’s fingerprint scanner by creating a latex fingerprint from a high-resolution photograph.
However, SRL said it has improved on the Chaos Computer Club’s method. After gaining access to the iPhone owner’s email account, the security researchers were able to request a new password through Apple’s website. Next, the researchers turned off “airplane” mode just long enough for the device to retrieve the password email, but not long enough for it to be discovered and wiped by the Find My iPhone feature. After resetting the password, the researchers were able to completely take over the iPhone.
Although Apple has not yet responded to SRL’s findings, the security research firm recommends several preventative measures that Apple users can take in order to better protect their iPhones. SRL recommends that eligible users take advantage of Apple’s two-step authentication feature that requires users to enter a 4-digit verification code every time they log in to the My Apple ID webpage. Users can also change the iPhone’s settings so that “airplane” mode cannot be activated when the phone is locked.
It is not uncommon for security researchers to discover security bugs in new software releases such as iOS 7. Besides the widely publicized Touch ID hack, other researchers have discovered a lockscreen hack and an emergency calling function hack. However, Apple typically provides software patches for security holes as soon as they are discovered and reported.
Follow Nathanael on Twitter (@ArnoldEtan_WSCS)