New lock screen bypass bug in Apple’s latest iOS

21 March 2013

Just one day after Apple released its bug-fixing iOS 6.1.3 – which included a fix for a lock-screen bypass vulnerability and broke the Evasi0n jailbreak tool – a new lock screen bypass has been revealed.

YouTube user VideosdeBarraquito, who discovered the last vulnerability, has repeated the trick with a new video for 6.1.3 showing how to bypass the iPhone passcode lock. This time an age-old tech tool is required – a paperclip. Its purpose is to eject the SIM card at precisely the right moment.

The process is to make a call using Voice Control, but to eject the SIM card as soon as the device starts dialing. Once the SIM is ejected, the phone abandons the call – but crucially leaves the iPhone's phone app open. As with the last bug, this provides access to any data available to the app – not a huge amount, but enough to be damaging: voice mail, contacts, photos and video; and of course outgoing phone calls.

ZDNet’s Zack Whittaker has tried to work out what is happening. “When Voice Control is used,” he suggests, “it loads up the phone application in the background, which as it begins to call immediately places this in 'background' mode.” But, briefly, the phone app displays before it transitions away to be replaced by the lock screen. “Removing the SIM card seems to 'confuse' the device, resulting in a pop-up display warning that the SIM card has been removed. This stalls the transition and keeps it in active play.”

Luckily there is a simple workaround for this particular flaw – disable Voice Dial, or where possible enable Siri since this has the same effect. The iOS 6.1.3 upgrade seems to have been partly rushed out to fix VideosdeBarraquito’s previous attack. Given this easy workaround, Apple may not feel quite so pressured to deliver a new fix with similar speed.
