(MoneyWatch) Although Apple's (AAPL) new iOS 7 mobile platform brings a wealth of new features to the iPhone and iPad, some users have uncovered a few security vulnerabilities you should be aware of.
Both of these security issues are related to the operating system's "control center," and it doesn't seem that either of these are critical. Nonetheless, you might deem them important enough to disable the control center on the lock screen, which is where the problems manifest themselves.
The control center is a convenient new feature in iOS 7 that gives you quick access to Airplane Mode, the Wi-Fi and Bluetooth radios, media controls, and a handful of other features by swiping up from the bottom of the screen. In principle, this lets you perform many common configuration tasks without diving deep into the phone's settings. By default, the control center is always one swipe away, whether you're on the lock screen, in an app or on a page full of app tiles.
The problem? You don't need to enter a passcode to get to the control center, and that leads to two issues:
It's possible to disable the "Find My Phone" feature. If your phone is stolen, any thief can easily access the control center, even without your passcode. From there, they can enter airplane mode, which makes it impossible to use any of the Find My Phone features, which include playing a sound remotely, tracking down the phone's exact location or wiping the contents remotely.
While this vulnerability is real, I'm not sure it's a critical failure of Apple's security. Even if a thief turns on airplane mode, the next time they turn it off -- therefore re-establishing contact with the world -- the Find My Phone features will work as designed. The erase option, in fact, can be triggered the moment the phone reconnects.
Someone can access your photos without a passcode. This hack also targets the control center, but requires some finger gymnastics to pull off. As reported in tech blog Lifehacker, here's what you need to do: Turn on the phone and open the control center. Tap the stopwatch and switch to the alarm mode. Then press and hold the power button until you see the "slide to power off" message. Finally, tap cancel and then immediately double-click the Home button. It's not especially intuitive, but you should now be able to go to the camera and switch to the photo library.
Ordinarily, the photo library is blocked, just like all the apps in the app switcher, if you haven't entered the passcode. But there appears to be a brief moment after cancelling the power off command when some permission issues get overlooked.
Do either of these vulnerabilities bother you? If so, you can turn off the control center on the lockscreen. From the settings app, tap control center and then disable Access on Lock Screen.
Photo courtesy of Apple