
New iPhone lock screen flaw found in iOS 6.1.3, grants access to address book and photos

post #1 of 33
Thread Starter 
Just one day after Apple rolled out the latest iOS 6.1.3, which patched an iPhone lock screen security flaw, a similar bug has been discovered that replicates the bypass albeit in a more involved and limited process.

Passcode Flaw
SIM card dialing bug. | Source: videosdebarraquito via Youtube


The flaw, found on Wednesday by YouTube user "videosdebarraquito," allows unauthorized users to access a locked handset's address book and photos by ejecting the SIM card while using voice control to make a call.

It appears that the flaw is limited to iPhones without Siri support, as AppleInsider was not able to reproduce the behavior on an iPhone 5.



As seen in the demonstration video, the process is somewhat more involved than simply dialing and canceling an emergency call. In order to reproduce the bug, a malicious user must be using an iPhone incompatible with Siri, which has Voice Control activated, and have a paper clip or SIM card extraction tool. By holding down the Home button when an iPhone is locked, a user can request a number to be dialed. When the Voice Control system initiates the call, the removal of the SIM card tray, and thus the SIM card, defaults the phone app back to the dialing screen. From there, contacts, photos and recent call information can be accessed.

When Apple released iOS 6.1.3 on Tuesday, the company patched a similar lock screen bug that bypassed the lock screen security code to give low-level access to contact information and other assets available from the phone app.

While Tuesday's discovery is likely to be fixed in an upcoming iOS update, for now users can simply turn off "Voice Control" in the Settings menu to disallow unwanted iPhone access.
post #2 of 33
This is getting a little ridiculous...
post #3 of 33
Quote:
Originally Posted by ombra2105 View Post

This is getting a little ridiculous...

To be fair, who actually uses Voice Control anyway?
post #4 of 33
Originally Posted by AppleInsider View Post
…by ejecting the SIM card while using voice control to make a call.

 

This is probably the stupidest exploit I've ever heard of. This is like Woz getting the students to make weird poses to keep the TV running. 

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
post #5 of 33
Ousting Scott wasn't such a great idea...
post #6 of 33
Originally Posted by palegolas View Post
Ousting Scott wasn't such a great idea...

 

Implying he's somehow leaking all these exploits or that he personally would have been able to prevent them?

post #7 of 33
Quote:
Originally Posted by hittrj01 View Post

To be fair, who actually uses Voice Control anyway?

I do. Making calls and for the Music app, mostly.

"The real haunted empire?  It's the New York Times." ~SockRolid

"There is no rule that says the best phones must have the largest screen." ~RoundaboutNow

post #8 of 33
Quote:
Originally Posted by SolipsismX View Post

Quote:
Originally Posted by hittrj01 View Post

To be fair, who actually uses Voice Control anyway?

I do. Making calls and for the Music app, mostly.

How do you get it to open when Siri is enabled? I tried to ask Siri to open Voice Control and she opened Voice Memos. 

 

Then I asked Siri if I have Voice Control and she replied "I'd rather not say".

Life is too short to drink bad coffee.

post #9 of 33
How do they figure these things out? Mind boggling!
post #10 of 33
Quote:
Originally Posted by mstone View Post

How do you get it to open when Siri is enabled? I tried to ask Siri to open Voice Control and she opened Voice Memos. 

Then I asked Siri if I have Voice Control and she replied "I'd rather not say".

I may be using a different definition of Voice Control. Siri has replaced what I consider the old style, localized Voice Control for iOS but I still put it in that same category of controlling the device by voice, which I also used extensively for contacts and (the then) iPod app as stated previously.

If that is what you are referring to then I know that Voice Control still exists in devices with Siri but you have to disable Siri which will auto-enable it (and auto-disable it when you activate Siri). I wish the local system was more intelligent so that I didn't have to call the Siri servers for items like contacts and playing an album, artist or playlist. Even on LTE with the iPhone 5 it seems noticeably slower than Voice Control on the iPhone 4 for that same task.
post #11 of 33
Quote:
Originally Posted by palegolas View Post

Ousting Scott wasn't such a great idea...

 

Quote:
Originally Posted by Tallest Skil View Post

 

Implying he's somehow leaking all these exploits or that he personally would have been able to prevent them?

 

Some people just can't stop themselves from spewing nonsense. The Internet does this to people.

post #12 of 33
Quote:
Originally Posted by mstone View Post

How do you get it to open when Siri is enabled? I tried to ask Siri to open Voice Control and she opened Voice Memos. 

 

Then I asked Siri if I have Voice Control and she replied "I'd rather not say".

 

Well, the article does say that the exploit does not work on phones with Siri support. AI couldn't get it to work on an iPhone 5.

post #13 of 33
Quote:
Originally Posted by lkrupp View Post

Well, the article does say that the exploit does not work on phones with Siri support. AI couldn't get it to work on an iPhone 5.

I'd be willing to bet it will break on an iPhone 5 too if you disable Siri. I'm not going to try it.
post #14 of 33
Quote:
Originally Posted by Yojimbo007 View Post

How do they figure these things out? Mind boggling!

They must have A LOT of extra time on their hands doing huge numbers of trial and error until they get something.

 

Hours upon hours of time wasted....just for their 15 minutes?

Why does Apple bashing and trolling make people feel so good?

post #15 of 33
Call one , two, tree. Lol.
This sh*ts getting to be a joke.
post #16 of 33
Quote:
Originally Posted by mstone View Post

I'd be willing to bet it will break on an iPhone 5 too if you disable Siri. I'm not going to try it.

Considering AI didn't state that they disabled Siri so that the old Voice Control could take over makes it highly likely they didn't.

I'm also not going to test it.
post #17 of 33
Quote:
Originally Posted by Kimk69 View Post

Call one , two, tree. Lol.
This sh*ts getting to be a joke.

I wasn't going to say anything but the bigger story is that Voice Control understood what he was saying.
post #18 of 33
I would imagine Samsung is paying people to make and distribute these findings. It doesn't matter how obscure the exploit is or how few users it might affect, the only message that is likely to filter through to normal news channels is that iPhone security can be bypassed.

The average user is still likely to disclose more personal information to a broader audience by installing a single android application.
post #19 of 33
So maybe this is why my Bluetooth in the truck will not sync with my iPhone 5 after I downloaded 6.1.3?
post #20 of 33
Quote:
Originally Posted by Tallest Skil View Post

Implying he's somehow leaking all these exploits or that he personally would have been able to prevent them?

I agree with others here.. This smells like shill bait by Same-sung... Funny all these exploits seem to coincide with Same-sungs "SAFE" multi million dollar marketing push???
post #21 of 33
Quote:
Originally Posted by mstone View Post

How do you get it to open when Siri is enabled? I tried to ask Siri to open Voice Control and she opened Voice Memos. 

 

Then I asked Siri if I have Voice Control and she replied "I'd rather not say".

 

Voice control (and thus this bug) is only used on old model phones now.  If you use Siri or have an iPhone 5 this exploit doesn't work.  

 

So the group affected is users with old hardware or who haven't updated the OS in a long time who also have voice control enabled and also happen to lose their phone and the guy that finds the phone is a criminal and he knows about this exploit because he's a geek and has a SIM ejection pin handy in his pocket.  Even then, he will only be able to see your address book and your camera roll.  

 

So … yeah, really gigantic security hole.  /s

post #22 of 33
Quote:
Originally Posted by Tallest Skil View Post

 

Implying he's somehow leaking all these exploits or that he personally would have been able to prevent them?

 

Preventing these weird little things is hard with any complex software.

 

It's the big bugs like the wifi ones that Scott should have avoided instead of spending time on his moving shadow tricks. Those flaws are more likely what got him the boot.

A non tech's thoughts on Apple stuff 

(She's family so I'm a little biased)

post #23 of 33
This is a good find.
It will help strengthen iPhone security.
post #24 of 33
Quote:
Originally Posted by Dunks View Post

I would imagine Samsung is paying people to make and distribute these findings. It doesn't matter how obscure the exploit is or how few users it might affect, the only message that is likely to filter through to normal news channels is that iPhone security can be bypassed.

The average user is still likely to disclose more personal information to a broader audience by installing a single android application.

 

What about Samsung's OWN lock-screen flaws... they sound much worse!

 

http://shkspr.mobi/blog/2013/03/new-bypass-samsung-lockscreen-total-control/

 

This is one of a number of flaws ADDED to Android by Samsung:

http://threatpost.com/en_us/blogs/vulnerabilities-continue-weigh-down-samsung-android-phones-032013

 

Having hardware and software come from different companies with entirely different interests and business models is no picnic!

post #25 of 33
Quote:
Originally Posted by SolipsismX View Post

I wasn't going to say anything but the bigger story is that Voice Control understood what he was saying.

Siri is almost certainly an improvement in speech recognition.

I wonder if Apple is mining the rich dataset from Siri to improve their speech recognition.

I believe Apple has to prepare for the possibility (inevitability?) of a future where many appliances have a conversational interface with context awareness.
post #26 of 33

Me got Siri.

 

Me not got problem with exploit.

Better than my Bose, better than my Skullcandy's, listening to Mozart through my LeBron James limited edition PowerBeats by Dre is almost as good as my Sennheisers.
post #27 of 33
Quote:
Originally Posted by lkrupp View Post


Some people just can't stop themselves from spewing nonsense. The Internet does this to people.

And you are immune?
post #28 of 33
It's almost impressive how some people have the perseverance to figure out such hacks. Wish they would apply their drive and skills to something that would benefit society.
post #29 of 33
Quote:
Originally Posted by hittrj01 View Post

To be fair, who actually uses Voice Control anyway?

I use it for a few giggles when an unintended click-hold happens to bring it up, reminding me that it exists. I quickly lose interest because its recognition is poor and there's little I can get from it. I'm kinda bugged that Apple didn't enable it on iPhone 4.
post #30 of 33
Quote:
Originally Posted by charlituna View Post

Preventing these weird little things is hard with any complex software.

And that's the special pleading meme that the industry uses to get away with zero accountability in software. Stop furthering it because it's not true.

It's actually not so hard, if you engineer the software with modularity AND accountability in mind, from the ground up, testing the hell out of its most basic functionality, getting it solid before adding on top, and making sure the addition of features cannot cause unwanted side effects by way of securing layers from each other (a process Microsoft failed at spectacularly with Explorer.exe addons and the registry itself). These practices aren't new but they've only recently started getting any attention in consumer products.

The market pushers don't like to spend time on that kind of process. It's just features features features! Sell sell sell!! This is where "complexity" really comes from; rushing to market new features intended only to get a new batch of sales. It's not fundamental to the product; it's fundamental to the execution of it.

Occasionally a new sales pitch comes from an actually useful or actually entertaining new feature idea. Sadly, we find those few desirable changes come at cost and with countless features and flaws we didn't ask for. Consumers do not drive the market. The market drives the market.
post #31 of 33
Quote:
Originally Posted by dysamoria View Post

And that's the special pleading meme that the industry uses to get away with zero accountability in software. Stop furthering it because it's not true.

It's actually not so hard, if you engineer the software with modularity AND accountability in mind, from the ground up, testing the hell out of its most basic functionality, getting it solid before adding on top, and making sure the addition of features cannot cause unwanted side effects by way of securing layers from each other (a process Microsoft failed at spectacularly with Explorer.exe addons and the registry itself). These practices aren't new but they've only recently started getting any attention in consumer products.

The market pushers don't like to spend time on that kind of process. It's just features features features! Sell sell sell!! This is where "complexity" really comes from; rushing to market new features intended only to get a new batch of sales. It's not fundamental to the product; it's fundamental to the execution of it.

Occasionally a new sales pitch comes from an actually useful or actually entertaining new feature idea. Sadly, we find those few desirable changes come at cost and with countless features and flaws we didn't ask for. Consumers do not drive the market. The market drives the market.

Please expand on this. This claim seems spurious at best.
post #32 of 33
Go into settings, general, passcode lock. Turn off Siri at lock screen, & if you're wise probably Passbook & Reply with Message as well. Boom, problem solved. Why any of this is considered newsworthy is beyond me, just a huge waste of everyone's time.
post #33 of 33
Who spends this much time searching for security hacks on iOS 6? Why not try Android, I figure it is real simple.