New lock screen bypass bug in Apple’s latest iOS

YouTube user VideosdeBarraquito, who discovered the last vulnerability, has repeated the trick with a new video for iOS 6.1.3, showing how to bypass the iPhone passcode lock. This time an age-old tech-tool is required – a paperclip. Its purpose is to eject the SIM card at precisely the right moment.

The process is to make a call using Voice Control, but to eject the SIM card as soon as the device starts dialing. Once the SIM is ejected, the phone abandons the call – but crucially leaves the iPhone app open. As with the last bug, this provides access to any data available to the app – not a huge amount, but enough to be damaging: voice mail, contacts, photos and video; and of course outgoing phone calls.

ZDNet’s Zack Whittaker has tried to work out what is happening. “When Voice Control is used,” he suggests, “it loads up the phone application in the background, which as it begins to call immediately places this in 'background' mode.” But, briefly, the phone app displays before it transitions away to be replaced by the lock screen. “Removing the SIM card seems to 'confuse' the device, resulting in a pop-up display warning that the SIM card has been removed. This stalls the transition and keeps it in active play.”

Luckily there is a simple workaround for this particular flaw – disable Voice Dial, or where possible enable Siri since this has the same effect. The iOS 6.1.3 upgrade seems to have been partly rushed out to fix VideosdeBarraquito’s previous attack. Given this easy workaround, Apple may not feel quite so pressured to deliver a new fix with similar speed.
