Another Lock Screen Bypass Bug Discovered in iOS 6.1
Apple released the second beta of iOS 6.1.3 to developers late last week to address a passcode lock bug that plagued many user’s iOS devices. Now, the issue is once again surfacing after a second lock screen bypass bug was discovered in iOS 6.1. The bug gives access to basic information such as contacts and photos, however, gives more information when connected to a computer.
It is likely that Apple will address the newly discovered bug, as well as the old one with the same 6.1.3 update, which is still in beta phase. Security news site, Threatpost, posted on the second lock screen bypass bug and even posted a video of the bug in action and how to manipulate the iPhone into unlocking and revealing personal information.
Similar to the iPhone’s passcode vulnerability, the exploit involves manipulating the phone’s screenshot function, its emergency call function and its power button. Users can make an emergency call (911 for example) on the phone and then cancel it while toggling the power on and off to get temporary access to the phone. A video posted by the group shows a user flipping through the phone’s voicemail list and contacts list while holding down the power button. From there an attacker could get the phone’s screen to turn black before it can be connected to a computer via a USB cord. The device’s photos, contacts and more “will be available directly from the device hard drive without the pin to access,” according to the advisory.
The second lockscreen vulnerability was originally posted on the Full Disclosure mailing list. Apple’s iOS 6 has been plagued with issues since its release last September, including problems with the company’s new Google-less Maps application and Siri. Issues with iOS has led to the ousting of Scott Forstall from Apple, and has put the company’s mobile OS under the criticism of many.