Another, But More Dangerous, Lockscreen Exploit Discovered In The iOS 6.1.2 Firmware [Here's How To Perform It]
It looks like Apple has run into some serious trouble with the lockscreen in iOS 6, or the number of people poking and prying at iOS has increased (take your pick). In iOS 6.1.2 Apple patched a lockscreen bug that allowed users to bypass the lockscreen and access the Phone app.
Now a more serious exploit has been discovered that can get past the lockscreen, access the Phone app and also give the attacker complete access to your device’s data (photos, messages etc.) if it is plugged into a computer. The original lockscreen bug found on iOS 6.1 didn’t give the attacker access to all of the device’s personal information when plugged in via USB.
ArsTechnica explains the exploit in more detail…
The vulnerability is located in the main login module of the mobile iOS device (iPhone or iPad) when processing to use the screenshot function in combination with the emergency call and power (standby) button. The vulnerability allows the local attacker to bypass the code lock in iTunes and via USB when a black screen bug occurs. The vulnerability can be exploited by local attackers with physical device access without privileged iOS account or required user interaction. Successful exploitation of the vulnerability results in unauthorized device access and information disclosure.
It looks like, besides patching the Evasi0n iOS 6.x Untethered Jailbreak, iOS 6.1.3 will also patch this lockscreen bug. Now, I am sure you are wondering… just how do I reproduce the latest lockscreen vulnerability? Well, assuming you want to try this out on your own device, or impress (scare) your friends, here are the instructions.
- Ensure there is a passcode enabled (obvious) and then lock your device by pressing the sleep / wake button
- Wake the device by tapping the home or sleep button
- Tap the Emergency Call button on the virtual keyboard
- Dial 911 or another emergency call number like 110 or 112 and then IMMEDIATELY hang up the call
- With the call canceled, hit the sleep / wake button to once again put your device in sleep mode, wake it up and then Slide To Unlock
- Now the trickiest part: hold down the sleep / wake button for about 3 seconds and, just before the Slide To Power Off window appears, tap the Emergency Call button (while still keeping your finger on the sleep / wake button)
- Keep holding the sleep / wake button and you have gained access to the Phone app and, if plugged in via USB, all personal information
Apple has acknowledged the bug and issued a stereotypical statement somewhat along the lines of “Apple takes security very seriously and will issue a fix in a future software update.” So, you can indeed expect it in iOS 6.1.3. Who knows, maybe Apple will release iOS 6.1.3 within the next few days to fix the lockscreen bug, and push iOS 6.1.3 beta 3 to iOS 6.1.4 beta 3.