Yet another security flaw has been uncovered in iOS 7. This one enables thieves who steal an iPhone 5S to gain access to it—either by spending a little bit of time uncovering the owner’s passcode or by using a fake fingerprint.

Apple

iOS 7 problems with Airplane Mode

SR Labs, a German security firm, posted a video on YouTube demonstrating the apparent flaw in Apple Inc. (NASDAQ:AAPL)’s iOS 7. The video was spotted by Don Reisinger of CNET. Here’s how the flaw works.

A thief could steal any iPhone which is running iOS 7. As soon as they steal it, they just put it into Airplane Mode, which takes the phone away from Apple Inc. (NASDAQ:AAPL)’s monitoring ability. The company is unable to locate it through the Find My iPhone feature, and it can’t remotely wipe it either. The thief has then bought some time to try to figure out what the user’s passcode was. This is an especially big problem because iOS 7 does not require a passcode to put the iPhone into Airplane Mode.

Another option would involve using the fingerprint sensor in the iPhone 5S. Apparently it’s possible to lift a fingerprint from the screen of the phone and then make a fake print which will be able to unlock the phone.

Resetting user’s Apple ID password

And as if stealing someone’s iPhone and breaking into it weren’t enough, the thief can even reset the user’s Apple ID password. All they have to do is request that it be reset and turn the Wi-Fi on the iPhone back on just long enough to receive the email for the reset. Then the thief has complete control over the user’s Apple ID account, as well as his or her iPhone.

According to the security firm, they were actually able to complete this entire process on the same phone five different times, and Apple Inc. (NASDAQ:AAPL) was apparently never able to see the device long enough to do anything about it.