A new security bug in iOS 7, which allows anyone to make unauthorised calls from the iPhone lockscreen has reportedly been discovered by a Forbes reader by name Karam Daoud.
The hack apparently takes advantage of a flaw in emergency calling system that allows you to make emergency calls such as 911 in emergencies.
The demo video of the hack in action has been published on Forbes, and several sources confirmed that the hack indeed works as intended.
Here is how to do it: just dial an emergency number on call screen and keep tapping the call button until the app crashes and opens a blank screen with an Apple logo. At this moment, the iPhone calls the number in the background and when the app screen returns the call duration will be displayed.
The video released by Daoud, a 27-year-old resident of Palestinian city of Ramallah who works as a bug tester for a mobile carrier, clearly shows how a passcode-enabled iPhone running iOS 7 can be hacked using the bug.
According to the Forbes report: "Anyone who gets physical access to a locked iPhone running iOS 7 can simply tap "Emergency" on the lock screen, which brings up an emergency calling screen. Then he or she can dial any number and rapidly tap the call button until the phone reverts to an empty screen with an Apple logo at the center and make the call to that number, says Daoud. "Once the black screen appeared, it was pretty clear that this is a bug," says Daoud. "You can dial a number anywhere, any time."
This is the second iOS 7 security bug discovered in the last few days, after Jose Rodriguez unearthed a lockscreen passcode bypass bug which allowed access to photos, emails and tweets on the affected device.
The hack has been successfully replicated by Forbes on two iPhone 5 handsets, while Daoud confirms that it works on older versions of iOS as well. The Forbes report also indicates that Daoud recently contacted Apple about the issue and received confirmation for a bug-fix update in the near future.
Check out the demo video below depicting the iOS 7 security hack in action: