The lock screen of the iPhone 5 has been the subject of constant integrity checks by hackers and security experts everywhere. Last month, two exploits were discovered which allowed hackers, and pretty much anyone who wanted to check the trick out, to bypass the passcode. However, Apple had promised to fix this with the iOS 6.1.3 update.
That particular update rolled out a couple of days ago and reportedly blocked a couple of ways to bypass the passcode on the lock screen. However, we are now hearing that there is another way to bypass the lock screen even on a device running iOS 6.1.3. Ironically, the latest bypass trick is actually easier to perform or reproduce than the previously discovered flaws. However, it does require a SIM ejection tool or a paper clip.
The bug, discovered by YouTube poster "videosdebarraquito", seems to be linked to the voice dialling ability of the phone. With voice dialling turned on, a call can be placed using voice input. While the call is being placed, you have to actually eject the SIM tray in order to glitch it fully. Interestingly, the same YouTube user had also posted a video of one of the earlier lockcode bypass tricks.
Once the glitch is successfully reproduced, the bug will give the hacker or user access to photos and contacts and, like most lock screen bypass bugs, it requires physical access to the device. The contacts access is simple, as the bypass drops you out to the phone interface once the SIM card is ejected and reinserted. Photos can also be accessed through the "assign new picture" function inside the contact creation process. However, this does give anyone access to all albums in the phone.
The voice dialling system has been a part of iPhones much before Siri came into existence. Users can circumvent the latest bug issue entirely by disabling voice dialling in the Settings>General>Passcode screen. Reportedly, another option is to leave Siri on, as the flaw cannot be reproduced when the more modern voice assistant is running.
Apple’s security notes for iOS 6.1.3 stated that “a logic issue existed in the handling of emergency calls from the lock screen. This issue was addressed through improved lock state management.” Unfortunately, whatever Apple tried to plug has not been fully blocked, at least in the case of some iPhones.
Apple is yet to comment on this latest security breach, but we reckon an iOS 6.1.4 update might not be far off.
Published Date: Mar 21, 2013 02:21 pm | Updated Date: Mar 21, 2013 02:21 pm