Thanks to a tip from Miguel Alvarado (who made the video above), 9to5Mac is reporting a bug that could let a thief bypass the protections meant to keep iPhones safe. In iOS 7, iPhones have a built-in security system to keep thieves from using the device themselves or selling it to others. It’s a catch-22, basically: You can’t restore the phone from a backup or disable the iCloud account it’s connected to without turning off the “Find My iPhone” service. But Find My iPhone can’t be turned off without the password to your iCloud account.
But Alvarado’s video shows a bug in iOS 7 that allows a user to bypass all of this security. In the iCloud settings window, you tap the “delete account” button while simultaneously moving the switch to disable Find My iPhone. Then, when iOS 7 asks for a password, you turn off the phone by holding the power button. When you turn the phone back on, you can go back to the iCloud settings and remove the account without being prompted for a password. Then you’re free to restore the phone from another backup, and Find My iPhone won’t be a problem.
This sounds like a pretty devastating bug, but there are two crucial things keeping it from ruining iOS 7 security. First, it’s difficult to replicate and doesn’t always work, so you can hope that whoever steals your phone isn’t able to accomplish it. But second, and more important, the bug is totally irrelevant if you have a passcode on your phone. A secure passcode that’s hard to guess and isn’t written on a sticker on the back of your handset will offer solid protection from this and other security flaws. A kill switch in every phone wouldn’t hurt either.