From a few hours ago, Apple released iOS 7.0.2 which comes with a lot of new improvements and beside this, it fixes lock screen vulnerability which was discovered by some hackers and they were being able to breach your iPhone's data from pictures, contact and some limited data... Today Dany Lisiansky has posted the steps on a YouTube video he recently uploaded which shows another new lock screen vulnerability, but this time on iOS 7.0.2, Apple's latest firmwares..
From the below video, we can conclude that Apple didn't success in fixing this problem, or maybe they thought it will be fixed by releasing this new version.
Here's the video:
iPhone users should not worry about this security breach, it is not a bright spot that thieves know it... So if your device is stolen, no one can breach it or even restore it.
You can test the bug out for yourself, as Lisiansky has outlined the steps in the video’s description:
STEP 1: Make a phone call (with Siri / Voice Control)
STEP 2: Click the FaceTime button
STEP 3: When the FaceTime App appears, click the Sleep button
STEP 4: Unlock the iPhone
STEP 5: Answer and End the FaceTime call at the other end
STEP 6: Wait a few seconds
STEP 7: Done. You are now in the phone app
This might not seem like that big of a deal, but it’s a big flaw in my opinion. While it’s true that you can only use Siri to dial contacts, this bug allows anyone to see your entire list of contacts, your call history, even your voicemail.
It’s just another case of allowing users to do too much from the Lock screen. Of course, you can go into the Settings > General > Passcode & Fingerprint settings, and disable Siri access from the Lock screen until Apple fixes this issue.
Shame on Apple :( ! But to be honest with you, only few people who can do such thing, and probably you can't meet a genius thief who could breach your iPhone's lock screen...
At any rate, I am asking from Apple security team to hurry up and work a lot more to release a new firmware that fixes this problem forever... What do you think guys ? Have you tried the above method ?