Stop iPhone Thieves from Exploiting Control Center in iOS 7

We’ve already seen a few security exploits pop up in iOS 7, some of which are fairly trivial and others can be pretty serious. However, another security concern has been discovered that’s been right in front of our eyes the whole time. Someone who steals your iPhone can easily prevent you from remote wiping it by putting the device in airplane mode, even while the iPhone is locked with a passcode.

The trick is dead simple. iOS 7 allows you to access Control Center from the lock screen. From here, you can disable airplane mode without even attempting to enter in the passcode to unlock the device. This means that if someone were to steal your iPhone, they could immediately turn on Airplane Mode whether or not the phone has a passcode lock on it, which will completely take the phone off the grid and prevent the owner from locating the stolen device or remote wiping it. The scenario is played out in the beginning of a new video from security research firm SRLabs:

However, there’s a simple fix that you can use to prevent something like this from happening to you if your iPhone ever gets stolen. Simply open up the Settings app and tap on Control Center. You’ll see two options that you can toggle on and off: Access on Lock Screen and Access Within Apps. Make sure that Access on Lock Screen is disabled. This means that crooks won’t be able to access Airplane Mode while the phone is locked.

2013-10-04 13.05.16This trick obviously isn’t foolproof, and it doesn’t guarantee that you’ll be able to successfully locate your stolen phone and remote wipe it, but it could at least buy you some time to log onto on another phone or computer to locate your phone and remote wipe it before the thief eventually gets to a computer with iTunes and wipes it himself, clearing any trace of the phone.

However, there’s another setting that you can enable that will completely erase and wipe the phone after ten failed attempts at entering in a passcode on the lock screen. To enable it, open up the Settings app and navigate to General > Passcode & Fingerprint and scroll to the bottom where it says Erase Data. Enable this feature to have your iPhone automatically wipe itself after 10 failed passcode attempts.

Of course, this won’t magically bring your stolen iPhone back to you, but it’ll at least be another security measure that you can take to make sure that the thief doesn’t get a hold of your personal information that’s stored on your iPhone.