iOS 7 brought with it a security flaw which allows people to disable the Find My iPhone feature without the need to input a password. This renders the app useless as the location service can be turned off and the owner cannot trace the device.
Find My iPhone can be compromised on handsets running iOS 7.0.4 in just a few steps, which involve changing the account section in iCloud and inputting a false password. There is a video showing the steps over on YouTube.
MacRumors said that they had replicated this on the iPhone and the iPad with iOS 7.0.4. They did say that they could not do it with the same handset running iOS 7.1. So it does look as though the security issues could be fixed with an update.
The flaw only works with a devices that doesn’t have the Passcode or Touch ID enabled as you need to get into the Settings menu, the bug is said not to disable Activation Lock.
Find My iPhone is said to be a useful way of recovering a stolen or lost phone, so the flaw is a huge security concern. At the moment Apple have not made comments
about the exploit.
iOS 7 has seen issues with security ever since it came out last year. back in September a bug was discovered which allowed anyone to gain use of the Control Centre feature and then bypass the passcode protected lock screen.
Then another issue arose which showed that you could make a phone call using Siri on the lock screen and this would open the phone app, which would expose the contact list along with voicemail and call history.
