German firm SRL has found another serious security issue in iOS 7 that allows an attacker to access the iPhone and potentially gain control over owner Apple ID
New security issues for iOS 7, a new vulnerability in TouchID Fingerprint Scanner and iCloud has been found by a German security firm SRL. The flaw allows an attacker with a physical access to the locked handset to access to iPhone and potentially gain control over owner’s Apple ID when combined with Touch ID’s vulnerability to fingerprint spoofing.
The experts at SRL discovered that it is possible to activate Airplane mode from the lockscreen, once enabled the mode the handset turns off wireless connectivity making impossible remote control of the handset with the Find My iPhone app (e.g. wipe facility). The lack of protection for Airplane mode could be considered a serious security issue, it makes impossible for the owner to block or wipe the device in case of theft or loss.
Once disabled Internet Connectivity on a stolen device the thief could bypass fingerprint protection accessing to the device as demonstrated in the past weeks. To mitigate the security flaw it is suggested to protect also the Airplane Mode with lockscreen feature.
The SRL team warned also on another concerning circumstance, is the iPhone owner keeps a password reset email account active on a mobile device it is exposed to the risk that the attacker could obtain full control over his AppleId.
Really bad time in terms of security for the new Apple iOS 7.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.