New security hole in Apple's iOS 6.1 lets anyone bypass an iPhone's lockscreen

Posted:
in iPhone edited January 2014
A new security flaw discovered in Apple's mobile operating system lets anyone bypass the passcode lock on iPhones running iOS 6.1 in a matter of seconds, revealing access to the phone's contacts, voicemails, and photos.





The method for bypassing the lock screen was documented in a handy video by the folks over at the Jailbreak Nation (above). It involves making -- and then immediately canceling -- an emergency call and holding down the power button a couple of times during the process.

By following the precise steps in the video, anyone can view and modify contacts, listen to your voicemail, and browse your photos (by attempting to add a photo to the accessible contact list). It doesn't appear as if the exploit grants access to email or the web.

AppleInsider was able to verify the glitch using an AT&T model iPhone 5 running iOS 6.1.

Coincidentally, a nearly identical vulnerability reared its ugly head back in October of 2010 when it was discovered that a glitch in iOS 4.1 similarly allowed anyone to access contacts, call history and voicemail on a passcode-locked handset without knowing the numeric entry code required to formally unlock the phone.

The precise steps to reproduce the bypass, for those readers without video access, are as follows:

1. Lock device

2. Slide to unlock

3. Tap emergency call

4. Hold sleep button until the power down prompt shows. Click cancel, you will notice the status bar turn blue. Type in 211 or your emergency number and click call then cancel it asap so the call dosen?t go through.

5. Lock your device with the sleep button then turn it on using the home button.

6. Slide to unlock then hold the sleep button and in 3 seconds tap emergency call. This will cause a conflict in the phone's firmware and cause it to open.
«1345

Comments

  • Reply 1 of 83
    neosumneosum Posts: 111member
    I couldn't get this to work on my iphone 5 running iOS 6.1. At the final stage when holding the power button for 4 seconds then tapping cancel, my phone screen just turns off and locks like it would do if the power button was pressed.
  • Reply 2 of 83
    "Ironically, a nearly identical vulnerability reared its ugly head back in October of 2010 "

    Coincidentally, maybe, but Ironically???

    Cant see the irony here....

    Love it when guys find these little bug things out... I always have to think... what made him do those actions in exactly that order to discover the bug? Do these people sit all day just trying random combinations of actions or is there a "method".

  • Reply 3 of 83
    macxpressmacxpress Posts: 4,712member
    Screenlockgate!
  • Reply 4 of 83
    clemynxclemynx Posts: 1,509member
    Again? After the similar bug in 2010, they could test a little bit more the unlocking screen!
  • Reply 5 of 83
    jungmarkjungmark Posts: 6,626member

    Quote:

    Originally Posted by seanie248 View Post



    "Ironically, a nearly identical vulnerability reared its ugly head back in October of 2010 "



    Coincidentally, maybe, but Ironically???



    Cant see the irony here....



    Love it when guys find these little bug things out... I always have to think... what made him do those actions in exactly that order to discover the bug? Do these people sit all day just trying random combinations of actions or is there a "method".

     


    unfortunately lots of people use "ironically" incorrectly.


     


    yes, hackers try to find exploits by any way possible.

  • Reply 6 of 83
    rob53rob53 Posts: 1,974member
    Interesting that this phone couldn't get a cellular signal (shows searching) and only had a network connection. It then comes up with different languages. Is this how the emergency call works? He also was at 27% battery. What's the icon next to the 27%? It's not the bluetooth icon. What's that double up arrow type thing at the bottom next to the home button?
  • Reply 7 of 83
    nagrommenagromme Posts: 2,834member
    Not sure I'd say "anyone," since it's tricky (verging on impossible?) to achieve, and they've got to get your phone away from you and out of your sight for a while to even attempt it.

    PS: Isn't the accepted, responsible practice to report a new bug to the vendor and give them a chance to fix it, BEFORE you tell the world and the criminals? Then collect your fame later? (I wonder what Google's policy is on posting security exploits to YouTube; probably to shrug and take the traffic and ad revenue! Hopefully they'd apply the same policy to a GMail or Android security hole.)

    Normally I'd thank anyone for finding an obscure hole to fix, but not when their concern is attention rather than security.
  • Reply 8 of 83
    Who cares? Not me. No news here.
  • Reply 9 of 83
    lkrupplkrupp Posts: 6,607member
    What fascinates me about stuff like this is how it is discovered. Some ODC type with too much time on their hands sitting around randomly pushing buttons? You tell me how somebody figures this out.

    And then there's the ethical question of whether to notify Apple and give them some time to fix it before going public. This can actually hurt users. Did this happen in this case? I suspect a lot of these reports are more about 'gotcha' moments and nerd chest thumping than reporting security flaws, more about embarrassing Apple than doing the right thing. Now Apple will be scrambling to issue a patch. Do we really want a hurry up job because somebody went public instead of notifying Apple first? Rushed code patches are a recipe for trouble in my opinion. I'm not suggesting stuff like this be kept quiet or letting Apple sit on it for months without doing something but give them some amount of time to fix it before going public.
  • Reply 9 of 83
    mazda 3smazda 3s Posts: 1,560member

    Quote:

    Originally Posted by rcoleman1 View Post



    Who cares? Not me. No news here.


     


    Ahh, so the buck stops with you, eh? Listen up everyone, rcoleman1 will now dictate what's news and what's not news. Everyone can now go home!

  • Reply 11 of 83
    saareksaarek Posts: 1,105member


    Wouldn't be an iOS update if it did not add bugs whilst fixing others. All part of the course.

  • Reply 12 of 83
    haarhaar Posts: 563member

    Quote:

    Originally Posted by seanie248 View Post



    "Ironically, a nearly identical vulnerability reared its ugly head back in October of 2010 "



    Coincidentally, maybe, but Ironically???



    Cant see the irony here....



    Love it when guys find these little bug things out... I always have to think... what made him do those actions in exactly that order to discover the bug? Do these people sit all day just trying random combinations of actions or is there a "method".

     


    yup... you are right about the use of "ironic" , it is a Stretch...


     


    from websters-merriam


     


    3a  (1) : incongruity between the actual result of a sequence of events and the normal or expected result (2) : an event or result marked by such incongruity


     


    if you assume that once a bug is discovered in a previous version of an OS(and "so-called fixed"), and it appears in a new version of the OS, it is ironic... 


     


    it is ironic only if you assume that bugs that are "fixed" stay fixed in the new version... 


     


    so the conclusion really is that the iOS4 fix was a "RIGGED" fix, and not a true fix...


     


    of course, allowing anything to work before you sign in, is asking for trouble...

  • Reply 13 of 83
    rogifanrogifan Posts: 10,669member

    Quote:

    Originally Posted by lkrupp View Post



    What fascinates me about stuff like this is how it is discovered. Some ODC type with too much time on their hands sitting around randomly pushing buttons? You tell me how somebody figures this out.



    And then there's the ethical question of whether to notify Apple and give them some time to fix it before going public. This can actually hurt users. Did this happen in this case? I suspect a lot of these reports are more about 'gotcha' moments and nerd chest thumping than reporting security flaws, more about embarrassing Apple than doing the right thing. Now Apple will be scrambling to issue a patch. Do we really want a hurry up job because somebody went public instead of notifying Apple first? Rushed code patches are a recipe for trouble in my opinion.


    It's all about getting hits on your website.  The Verge will throw this up because they know it will generate clicks even if its stupid to put up a video on YouTube showing people how to hack a device.

  • Reply 14 of 83
    gazoobeegazoobee Posts: 3,754member


    Or, you could just look over someone's shoulder.  About the same level of accuracy/security.  


     


    Seriously though, if anyone is using the passcode lock and thinking it really does much at all for "security," they are dreaming.  


     


    It's just there to make nervous people feel more comfortable.  

  • Reply 15 of 83

    Quote:

    Originally Posted by rob53 View Post



    Interesting that this phone couldn't get a cellular signal (shows searching) and only had a network connection. It then comes up with different languages. Is this how the emergency call works? He also was at 27% battery. What's the icon next to the 27%? It's not the bluetooth icon. What's that double up arrow type thing at the bottom next to the home button?


    Cellular signal: probably doesn't have service


    Different languages: hard to say. It shows English and another language


    Icon beside battery: Rotation lock icon


    Double up arrow: I have no idea what you're seeing. 

  • Reply 16 of 83
    rogifanrogifan Posts: 10,669member


    As expected, this is the top story on the Verge's website. image

  • Reply 17 of 83



    #next_pages_container { width: 5px; hight: 5px; position: absolute; top: -100px; left: -100px; z-index: 2147483647 !important; }
    What a convoluted and difficult to replicate 'hole.' I tried three times and couldn't make it happen.


     


    I read on the Internet that if you hold someone's iPhone up to the Sun, you can ready the contents.


     


    Run outside and try it.


     


     


     

  • Reply 18 of 83
    macxpressmacxpress Posts: 4,712member


    I'm sure this will be top news for all news sites...like its the end of the world.

  • Reply 19 of 83
    I would be interested if it still works if you use the longer password system. It uses a different keypad since it is alpha numeric. Anyone who is serious about protecting data uses more than a 4 digit numeric sequence. They need to fix it, but does it have any real world value? Given the prices zero day flaws are pulling in I would guess not.

    Apple sure seems to hold up pretty well against the current effort to paint them in a negative light. This does seem like a good party trick, but not much else.
  • Reply 20 of 83
    john.bjohn.b Posts: 2,716member


    I'm not able to reproduce this on an AT&T iPhone 5.

Sign In or Register to comment.