
New security hole in Apple's iOS 6.1 lets anyone bypass an iPhone's lockscreen

post #1 of 82
Thread Starter 
A new security flaw discovered in Apple's mobile operating system lets anyone bypass the passcode lock on iPhones running iOS 6.1 in a matter of seconds, revealing access to the phone's contacts, voicemails, and photos.



The method for bypassing the lock screen was documented in a handy video by the folks over at the Jailbreak Nation (above). It involves making -- and then immediately canceling -- an emergency call and holding down the power button a couple of times during the process.

By following the precise steps in the video, anyone can view and modify contacts, listen to your voicemail, and browse your photos (by attempting to add a photo to the accessible contact list). It doesn't appear as if the exploit grants access to email or the web.

AppleInsider was able to verify the glitch using an AT&T model iPhone 5 running iOS 6.1.

Coincidentally, a nearly identical vulnerability reared its ugly head back in October of 2010 when it was discovered that a glitch in iOS 4.1 similarly allowed anyone to access contacts, call history and voicemail on a passcode-locked handset without knowing the numeric entry code required to formally unlock the phone.

The precise steps to reproduce the bypass, for those readers without video access, are as follows:

1. Lock device

2. Slide to unlock

3. Tap emergency call

4. Hold sleep button until the power down prompt shows. Click cancel, you will notice the status bar turn blue. Type in 211 or your emergency number and click call then cancel it asap so the call doesn't go through.

5. Lock your device with the sleep button then turn it on using the home button.

6. Slide to unlock then hold the sleep button and in 3 seconds tap emergency call. This will cause a conflict in the phone's firmware and cause it to open.
post #2 of 82
I couldn't get this to work on my iPhone 5 running iOS 6.1. At the final stage when holding the power button for 4 seconds then tapping cancel, my phone screen just turns off and locks like it would do if the power button was pressed.
post #3 of 82
"Ironically, a nearly identical vulnerability reared its ugly head back in October of 2010 "

Coincidentally, maybe, but Ironically???

Can't see the irony here....

Love it when guys find these little bug things out... I always have to think... what made him do those actions in exactly that order to discover the bug? Do these people sit all day just trying random combinations of actions or is there a "method".
post #4 of 82
Screenlockgate!

Mac Mini (Mid 2011) 2.5 GHz Core i5
120 GB SSD/500 GB HD/8 GB RAM
AMD Radeon HD 6630M 256 MB

post #5 of 82
Again? After the similar bug in 2010, they could test a little bit more the unlocking screen!
post #6 of 82
Quote:
Originally Posted by seanie248 View Post

"Ironically, a nearly identical vulnerability reared its ugly head back in October of 2010 "

Coincidentally, maybe, but Ironically???

Can't see the irony here....

Love it when guys find these little bug things out... I always have to think... what made him do those actions in exactly that order to discover the bug? Do these people sit all day just trying random combinations of actions or is there a "method".
 

unfortunately lots of people use "ironically" incorrectly.

 

yes, hackers try to find exploits by any way possible.

post #7 of 82
Interesting that this phone couldn't get a cellular signal (shows searching) and only had a network connection. It then comes up with different languages. Is this how the emergency call works? He also was at 27% battery. What's the icon next to the 27%? It's not the bluetooth icon. What's that double up arrow type thing at the bottom next to the home button?
post #8 of 82
Not sure I'd say "anyone," since it's tricky (verging on impossible?) to achieve, and they've got to get your phone away from you and out of your sight for a while to even attempt it.

PS: Isn't the accepted, responsible practice to report a new bug to the vendor and give them a chance to fix it, BEFORE you tell the world and the criminals? Then collect your fame later? (I wonder what Google's policy is on posting security exploits to YouTube; probably to shrug and take the traffic and ad revenue! Hopefully they'd apply the same policy to a GMail or Android security hole.)

Normally I'd thank anyone for finding an obscure hole to fix, but not when their concern is attention rather than security.
post #9 of 82
Who cares? Not me. No news here.
post #10 of 82
What fascinates me about stuff like this is how it is discovered. Some ODC type with too much time on their hands sitting around randomly pushing buttons? You tell me how somebody figures this out.

And then there's the ethical question of whether to notify Apple and give them some time to fix it before going public. This can actually hurt users. Did this happen in this case? I suspect a lot of these reports are more about 'gotcha' moments and nerd chest thumping than reporting security flaws, more about embarrassing Apple than doing the right thing. Now Apple will be scrambling to issue a patch. Do we really want a hurry up job because somebody went public instead of notifying Apple first? Rushed code patches are a recipe for trouble in my opinion. I'm not suggesting stuff like this be kept quiet or letting Apple sit on it for months without doing something but give them some amount of time to fix it before going public.
Edited by lkrupp - 2/14/13 at 6:01am
post #11 of 82
Quote:
Originally Posted by rcoleman1 View Post

Who cares? Not me. No news here.

 

Ahh, so the buck stops with you, eh? Listen up everyone, rcoleman1 will now dictate what's news and what's not news. Everyone can now go home!

post #12 of 82

Wouldn't be an iOS update if it did not add bugs whilst fixing others. All part of the course.

iPad, Macbook Pro, iPhone, heck I even have iLife! :-)
post #13 of 82
Quote:
Originally Posted by seanie248 View Post

"Ironically, a nearly identical vulnerability reared its ugly head back in October of 2010 "

Coincidentally, maybe, but Ironically???

Can't see the irony here....

Love it when guys find these little bug things out... I always have to think... what made him do those actions in exactly that order to discover the bug? Do these people sit all day just trying random combinations of actions or is there a "method".
 

yup... you are right about the use of "ironic" , it is a Stretch...

 

from websters-merriam

 

3a  (1) : incongruity between the actual result of a sequence of events and the normal or expected result (2) : an event or result marked by such incongruity

 

if you assume that once a bug is discovered in a previous version of an OS(and "so-called fixed"), and it appears in a new version of the OS, it is ironic... 

 

it is ironic only if you assume that bugs that are "fixed" stay fixed in the new version... 

 

so the conclusion really is that the iOS4 fix was a "RIGGED" fix, and not a true fix...

 

of course, allowing anything to work before you sign in, is asking for trouble...

post #14 of 82
Quote:
Originally Posted by lkrupp View Post

What fascinates me about stuff like this is how it is discovered. Some ODC type with too much time on their hands sitting around randomly pushing buttons? You tell me how somebody figures this out.

And then there's the ethical question of whether to notify Apple and give them some time to fix it before going public. This can actually hurt users. Did this happen in this case? I suspect a lot of these reports are more about 'gotcha' moments and nerd chest thumping than reporting security flaws, more about embarrassing Apple than doing the right thing. Now Apple will be scrambling to issue a patch. Do we really want a hurry up job because somebody went public instead of notifying Apple first? Rushed code patches are a recipe for trouble in my opinion.

It's all about getting hits on your website.  The Verge will throw this up because they know it will generate clicks even if it's stupid to put up a video on YouTube showing people how to hack a device.

post #15 of 82

Or, you could just look over someone's shoulder.  About the same level of accuracy/security.  

 

Seriously though, if anyone is using the passcode lock and thinking it really does much at all for "security," they are dreaming.  

 

It's just there to make nervous people feel more comfortable.  

post #16 of 82
Quote:
Originally Posted by rob53 View Post

Interesting that this phone couldn't get a cellular signal (shows searching) and only had a network connection. It then comes up with different languages. Is this how the emergency call works? He also was at 27% battery. What's the icon next to the 27%? It's not the bluetooth icon. What's that double up arrow type thing at the bottom next to the home button?

Cellular signal: probably doesn't have service

Different languages: hard to say. It shows English and another language

Icon beside battery: Rotation lock icon

Double up arrow: I have no idea what you're seeing. 

post #17 of 82

As expected, this is the top story on the Verge's website.

post #18 of 82

What a convoluted and difficult to replicate 'hole.' I tried three times and couldn't make it happen.

 

I read on the Internet that if you hold someone's iPhone up to the Sun, you can read the contents.

 

Run outside and try it.

 

 

 
post #19 of 82

I'm sure this will be top news for all news sites...like it's the end of the world.

Mac Mini (Mid 2011) 2.5 GHz Core i5
120 GB SSD/500 GB HD/8 GB RAM
AMD Radeon HD 6630M 256 MB

post #20 of 82
I would be interested if it still works if you use the longer password system. It uses a different keypad since it is alpha numeric. Anyone who is serious about protecting data uses more than a 4 digit numeric sequence. They need to fix it, but does it have any real world value? Given the prices zero day flaws are pulling in I would guess not.

Apple sure seems to hold up pretty well against the current effort to paint them in a negative light. This does seem like a good party trick, but not much else.
post #21 of 82

I'm not able to reproduce this on an AT&T iPhone 5.

  Google Maps: ("Directions may be inaccurate, incomplete, dangerous, or prohibited.")

 

  MA497LL/A FB463LL/A MC572LL/A FC060LL/A MD481LL/A MD388LL/A ME344LL/A

post #22 of 82

There’s hacks to bypass the lock screen on Android altogether (giving full access) and it gets minimal tech media attention. Happens on Apple and it's a feature news article on every tech media site with the usual Apple bashing hyperbole.  That's not to say we as users should excuse Apple and I'm hoping that Ive and company are hard at work to refreshen a rather stale OS to include better security features.

post #23 of 82

I'm not able to duplicate this on 6.1.1 beta 1 on model A1429.  


Edited by ghostface147 - 2/14/13 at 6:52am
post #24 of 82
Quote:
Originally Posted by jungmark View Post

unfortunately lots of people use "ironically" incorrectly.

What you mean is:

Ironically, lots of people use 'ironically' incorrectly.
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
post #25 of 82
Quote:
Originally Posted by lkrupp View Post

What fascinates me about stuff like this is how it is discovered. Some ODC type with too much time on their hands sitting around randomly pushing buttons? You tell me how somebody figures this out.

And then there's the ethical question of whether to notify Apple and give them some time to fix it before going public. This can actually hurt users. Did this happen in this case? I suspect a lot of these reports are more about 'gotcha' moments and nerd chest thumping than reporting security flaws, more about embarrassing Apple than doing the right thing. Now Apple will be scrambling to issue a patch. Do we really want a hurry up job because somebody went public instead of notifying Apple first? Rushed code patches are a recipe for trouble in my opinion. I'm not suggesting stuff like this be kept quiet or letting Apple sit on it for months without doing something but give them some amount of time to fix it before going public.


Prove that he did not notify Apple.

 

Then let's talk.

 

Also, this isn't the first time Apple had this issue raised before. According to your logic, now that Apple had months since the last release, shouldn't they now have been fixed?

 

This latest video clearly shows that they certainly haven't listened or at least bothered to check it.

"Like I said before, share price will dip into the $400."  - 11/21/12 by Galbi

post #26 of 82
Quote:
Originally Posted by Galbi View Post

 

This latest video clearly shows that they certainly haven't listened or at least bothered to check it.

 

It doesn't clearly show anything. This might not be exactly the same flaw as 4.1, you can't prove they were told ahead of this video being posted, the phone could be jailbroken etc. 

 

unless you have a recording to post of Sir Jony or such telling his peeps not to bother checking for this flaw or saying yeah he got a report so what, you can no more prove they were told etc than others can prove they were not


Edited by charlituna - 2/14/13 at 8:00am
post #27 of 82
Quote:
Originally Posted by lkrupp View Post

What fascinates me about stuff like this is how it is discovered. Some ODC type with too much time on their hands sitting around randomly pushing buttons? You tell me how somebody figures this out.

 

Someone who has disassembled (reverse engineered) parts of iOS, noticed the potential for the bypass, and was able to reproduce it?  I was pretty amazed when I saw what people were capable of discovering via reverse engineering prior to Apple opening iOS up for app development (SDK).

 
post #28 of 82
Quote:
Originally Posted by charlituna View Post

... unless you have a recording to post of Sir Jony or such telling his peeps not to bother checking for this flaw or saying yeah he got a report so what ...

 

As humorous as this scenario is, Ive has nothing to do with this, nor should he.  

 

He's a designer.  He knows almost zero about software and nothing about security.  To say he should have oversight on a matter like this is like saying an ice-cream salesman should be in charge of an automobile dealership.  

post #29 of 82
Wow, they can see my photos, modify my contacts (um, they have my phone, modifying my contacts is the least of my concerns), and, OH NOs, listen to my voicemail. Do I need to repeat they have your phone? Is this an issue? Of course, but I'm sure it will get fixed before the great "contact modification" craze spreads too far.
post #30 of 82

Whoopee...... like I'm afraid.

post #31 of 82
If anyone actually has the time to go through all that - they can have at er.

How the heck do people come up with this stuff?
post #32 of 82

I understand and agree with reporting security flaws but what purpose is served by telling the general public how to take advantage of it?

Artificial intelligence is no match for natural stupidity.

"A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools."
post #33 of 82
Quote:
Originally Posted by Gazoobee View Post

 

As humorous as this scenario is, Ive has nothing to do with this, nor should he.  

 

He's a designer.  He knows almost zero about software and nothing about security.  To say he should have oversight on a matter like this is like saying an ice-cream salesman should be in charge of an automobile dealership.  

 

1. I said Sir Jony or such. Try reading the whole thing next time, especially if you are going to post a rebuttal attempting to make me look stupid.

 

2. Just because he's a designer doesn't equal him knowing little about software or security. 

post #34 of 82

By the time you get all that to work, I'll be back from the washroom and at my desk wondering wtf you're trying to do with my phone. 

 

Lmao

post #35 of 82

OK, so Apple made a mistake here. Serious, not serious, whatever. What I want to know is what is AppleInsider's excuse for publishing it? Why? 

You think you can disseminate the information yet not be like the bad people who do it for bad reasons? You're different, of course, it's your duty to pass on info found. It's part of your journalistic integrity to pass on anything impartially and without judgement. Can't go covering it up can we? Oh no, so let's just pass it on, add to the availability of the information yet hold our head up high a wonderful sense of self-righteousness from doing our job so well.

post #36 of 82
Quote:
Originally Posted by rob53 View Post

Interesting that this phone couldn't get a cellular signal (shows searching) and only had a network connection. It then comes up with different languages. Is this how the emergency call works? He also was at 27% battery. What's the icon next to the 27%? It's not the bluetooth icon. What's that double up arrow type thing at the bottom next to the home button?

The thing next to the battery level is the "orientation lock" icon...meaning the phone won't change orientation when you rotate it sideways the way it normally would.  I have no idea what you're talking about regarding "double up arrow" next to the home button...unless you're referring to the double ^ thingys at the bottom of the video...those are part of youtube viewer not part of the video.

post #37 of 82
Quote:
Originally Posted by charlituna View Post

 

1. I said Sir Jony or such. Try reading the whole thing next time, especially if you are going to post a rebuttal attempting to make me look stupid.

 

2. Just because he's a designer doesn't equal him knowing little about software or security. 

 

You are soooo touchy lately, when you used to be one of the pleasanter people on the forum.

I tried to be nice actually, apparently it didn't come across.  

 

I will try to stop talking to you at all since the last five times I have you've taken it as some kind of colossal personal insult when it clearly wasn't intended as such, but the truth is I don't always look at *who* it is posting and don't actually keep track of everyone's personality/name etc. 

post #38 of 82
Quote:
Originally Posted by seanie248 View Post

"Ironically, a nearly identical vulnerability reared its ugly head back in October of 2010 "

Coincidentally, maybe, but Ironically???

Can't see the irony here....

Love it when guys find these little bug things out... I always have to think... what made him do those actions in exactly that order to discover the bug? Do these people sit all day just trying random combinations of actions or is there a "method".
 

I was wondering the same thing.  What I find even stronger is that these virus fixing software companies usually have a fix for a virus out as soon as the virus becomes known.  How can they find the virus and have a "fix" for it shortly thereafter?  Are there employees at these virus software companies writing the virus and the patch for them at the same time?

post #39 of 82
Quote:
Originally Posted by drblank View Post

I was wondering the same thing.  What I find even stronger is that these virus fixing software companies usually have a fix for a virus out as soon as the virus becomes known.  How can they find the virus and have a "fix" for it shortly thereafter?  Are there employees at these virus software companies writing the virus and the patch for them at the same time?

You are correct....a lot of these security (virus companies) employ people that do nothing but proactively look for software vulnerabilities. Then they have fixes sorted out for various threats. They also will inform the software maker of the vulnerabilities in advance but they don't always take heed.

Tallest Skil:


"Eventually Google will have their Afghanistan with Oracle and collapse"

"The future is Apple, Google, and a third company that hasn't yet been created."


 


 

post #40 of 82

Geezuz....do people actually get PAID to sit around all day and try these weird key sequences on their phones?  I guess I'm glad they have phones..imagine what they'd discover if they only had themselves to play with!
 
