Second Lock Screen Bypass in iOS 6.1 Documented




MacRumors
Feb 25, 2013, 03:11 PM


A second iOS 6.1 bug has been discovered that gives access to contacts, photos and more. The vulnerability uses a similar method as the one disclosed previously (http://www.macrumors.com/2013/02/14/ios-6-1-bug-enables-bypassing-passcode-lock-to-access-phone-and-contacts/), though it apparently gives access to more user data when the phone is plugged into a computer.

It was originally posted on the Full Disclosure mailing list (http://seclists.org/fulldisclosure/2013/Feb/90). Kaspersky's Threatpost (http://threatpost.com/en_us/blogs/another-iphone-passcode-bypass-vulnerability-discovered-022513):

Similar to the iPhone's passcode vulnerability, the exploit involves manipulating the phone's screenshot function, its emergency call function and its power button. Users can make an emergency call (911 for example) on the phone and then cancel it while toggling the power on and off to get temporary access to the phone. A video posted by the group shows a user flipping through the phone's voicemail list and contacts list while holding down the power button. From there an attacker could get the phone's screen to turn black before it can be connected to a computer via a USB cord. The device's photos, contacts and more "will be available directly from the device hard drive without the pin to access," according to the advisory.

Apple was expected to fix the lock screen bug in iOS 6.1.2, but that small release fixed a different bug (http://www.macrumors.com/2013/02/19/apple-releases-ios-6-1-2-to-address-exchange-calendar-bug/). Instead, it appears a fix for at least one of the lock screen vulnerabilities will be coming in iOS 6.1.3 (http://www.macrumors.com/2013/02/21/apple-seeds-ios-6-1-3-beta-2-to-developers/), currently in the hands of developers.

Update: As noted by iMore (http://www.imore.com/second-ios-lock-screen-bypass-discovered-doesnt-really-expose-filesystem) and The Next Web (http://thenextweb.com/apple/2013/02/26/no-the-new-ios-6-1-lock-screen-bypass-bug-does-not-allow-access-to-the-file-system/), this vulnerability will only allow file access if the device has previously been synced with the computer without a passcode. Plugging the passcode-protected device, even with the bug exploited, into a different computer will simply generate an error message.

Article Link: Second Lock Screen Bypass in iOS 6.1 Documented (http://www.macrumors.com/2013/02/25/second-lock-screen-bypass-in-ios-6-1-documented/)



Radio
Feb 25, 2013, 03:18 PM
Apple priorities - stop innovation from jailbreak community then fix security issues :(

dave420
Feb 25, 2013, 03:20 PM
This method allows access to the photos on the phone when hooked up to a computer? That's not news; you can always do that, even with a passcode. Somebody posted a complaint about it on the iPhone forum and everyone criticized the poster for actually wanting to put private photos on their camera roll.

eatrains
Feb 25, 2013, 03:25 PM
Apple priorities - stop innovation from jailbreak community then fix security issues :(

The exploits used by jailbreakers ARE security issues.

kbmb
Feb 25, 2013, 03:26 PM
I thought if you had physical access to the phone.....then you can always get data off it.... regardless of whether it has a passcode lock or not?

Not through iTunes....but using any number of 3rd party apps that can see the data on the phone.

-Kevin

Intell
Feb 25, 2013, 03:31 PM
This method allows access to the photos on the phone when hooked up to a computer? That's not news; you can always do that, even with a passcode. Somebody posted a complaint about it on the iPhone forum and everyone criticized the poster for actually wanting to put private photos on their camera roll.

I thought if you had physical access to the phone.....then you can always get data off it.... regardless of whether it has a passcode lock or not?

Not through iTunes....but using any number of 3rd party apps that can see the data on the phone.

-Kevin

When an iOS device that has been locked with a passcode is connected to a computer that it has never been connected to before, it will not let the computer access any information on the device. The device must be locked so that the passcode is needed to unlock it. Once you connect the device to a computer when it is unlocked, that computer becomes authorized to iOS to allow it to browse the device's contents. No third party utility can get around this lockout, neither can a computer's PTP access.

extricated
Feb 25, 2013, 03:34 PM
No doubt a serious issue, yet there's something pretty amusing to me about the steps required to get past the lockscreen (not to mention what must have been done in order to discover the bug in the first place).

Bathplug
Feb 25, 2013, 03:39 PM
iOS 6 is such a s*** update.

spazzcat
Feb 25, 2013, 03:41 PM
No doubt a serious issue, yet there's something pretty amusing to me about the steps required to get past the lockscreen (not to mention what must have been done in order to discover the bug in the first place).

Some people have way too much time. Also, does this only work if you have a simple passcode set?

kbmb
Feb 25, 2013, 03:49 PM
When an iOS device that has been locked with a passcode is connected to a computer that it has never been connected to before, it will not let the computer access any information on the device. The device must be locked so that the passcode is needed to unlock it. Once you connect the device to a computer when it is unlocked, that computer becomes authorized to iOS to allow it to browse the device's contents. No third party utility can get around this lockout, neither can a computer's PTP access.

Thanks for the info!

-Kevin

lunaoso
Feb 25, 2013, 03:51 PM
I really want to know how people just happen to stumble upon this stuff. It seems almost rediculous when you think about it.

Fresh Pie
Feb 25, 2013, 04:11 PM
I like how there's a small chance that the exploiter will call the police on themselves.

dweezle3
Feb 25, 2013, 04:30 PM
These guys really have way too much time on their hands...

furi0usbee
Feb 25, 2013, 04:39 PM
This is why Apple (and other tech companies) have to hire hackers and people who like to spend time trying this stuff. The reason why these exploits exist is that the programmers program for the way people are supposed to use a device, NOT the way someone intends to use it to circumvent security. You need to have people who are solely looking to crack code or find some obscure exploit somewhere in the emergency dialer....

I used to play shooters for PC/Xbox. Three days after a release, you would see people finding glitches, doing stuff the devs never intended anyone to do. Why don't you just hire these freaks and let them find all this stuff. That would amount to a more secure and better product.

agitoTech
Feb 25, 2013, 05:21 PM
If someone has gained physical access to my iDevice to attempt to exploit a security vulnerability, all of my other security practices have failed.

gotluck
Feb 25, 2013, 05:23 PM
If someone has gained physical access to my iDevice to attempt to exploit a security vulnerability, all of my other security practices have failed.

This. And this is also why the security holes used by the jailbreak are irrelevant.

seamer
Feb 25, 2013, 05:59 PM
This is why Apple (and other tech companies) have to hire hackers and people who like to spend time trying this stuff. The reason why these exploits exist is that the programmers program for the way people are supposed to use a device, NOT the way someone intends to use it to circumvent security. You need to have people who are solely looking to crack code or find some obscure exploit somewhere in the emergency dialer....

I used to play shooters for PC/Xbox. Three days after a release, you would see people finding glitches, doing stuff the devs never intended anyone to do. Why don't you just hire these freaks and let them find all this stuff. That would amount to a more secure and better product.

Hiring "hackers" is fine in principle. In reality, 99% of the "exploits" found within 3 days of a game launching are most likely revealed by the QA guys who tested the game. Quite often, unless a bug will cause the game to fail a TRC or TCR check, the developers just don't bother. This is largely because of a marketing department who have to meet financial goals rather than quality goals.

I know we're the ones who write spoiler guides for everything ever released, too.

/ex-Quality Assurance peon

jm001
Feb 25, 2013, 06:09 PM
If someone has gained physical access to my iDevice to attempt to exploit a security vulnerability, all of my other security practices have failed.

Exactly, they must first get physical access to your iPhone. So first line of defence is keep a close watch on your phone. Know where it is at all times. Keep it physically secure.

marc11
Feb 25, 2013, 06:31 PM
If someone has gained physical access to my iDevice to attempt to exploit a security vulnerability, all of my other security practices have failed.

Wait, so, if you lose your phone by accident; then you just say oh well, any private data I have on it is fair game and that is okay? Then why even have a passcode on it if it can just be hacked and in your words, if someone has physical access to the device then your data is fair game.

I do not see that logic. I for one would like to have the confidence that if someone had access to my device then at the most I have lost the device, easily replaced and I did not lose private data that someone can use for purposes not so easily replaced.

Physical access is not your second line of defence, it is your first line, your second line is rock solid data security which Apple has been failing at recently.

el-John-o
Feb 25, 2013, 06:42 PM
I thought if you had physical access to the phone.....then you can always get data off it.... regardless of whether it has a passcode lock or not?

Not through iTunes....but using any number of 3rd party apps that can see the data on the phone.

-Kevin

Not when there is a passcode on it. When there is a passcode, the phone won't mount as a 'camera' like it can when unlocked, and apps like iExplorer cannot access the drive.

anthony11
Feb 25, 2013, 06:44 PM
I really want to know how people just happen to stumble upon this stuff. It seems almost rediculous when you think about it.

Not nearly as "rediculous" as writing about the "hard drive" in a device that has none.

NT1440
Feb 25, 2013, 06:44 PM
Wait, so, if you lose your phone by accident; then you just say oh well, any private data I have on it is fair game and that is okay? Then why even have a passcode on it if it can just be hacked and in your words, if someone has physical access to the device then your data is fair game.

No, I lose my phone I boot up my machine, then trace it on iCloud, and erase it if it's in a location that I know isn't where I lost it.

Very simple.

If Apple is failing at security lately, what does the SIII root access bug (now patched) say? I'd say root access is far more serious than access to my pictures and contacts...

Also, you're putting words in that user's mouth, and I'm sure he wouldn't appreciate it.

clockworkorange
Feb 25, 2013, 06:57 PM
Great! another way for my girlfriend to gain access to my phone >_>

good thing I have nothing to hide, but it's annoying when she re-arranges my bloody icons in groups of colors - I then have to spend hours putting everything back in their correct places cause I have OCD like that >_<

marc11
Feb 25, 2013, 07:01 PM
No, I lose my phone I boot up my machine, then trace it on iCloud, and erase it if it's in a location that I know isn't where I lost it.

Very simple.

If Apple is failing at security lately, what does the SIII root access bug (now patched) say? I'd say root access is far more serious than access to my pictures and contacts...

Also, you're putting words in that user's mouth, and I'm sure he wouldn't appreciate it.

I didn't put words in anyone's mouth, he said them. I am sure he is old enough to speak for himself and doesn't need you to speak for him....isn't that the same as putting words in his mouth? Double standard much?

Let us leave Android out of an iOS discussion for once, huh? Man, this site and its Android paranoia....every Apple fault has to be balanced with an Android fault for some reason.

As for using Find my iPhone, we all know that is so easy to defeat, it isn't hard to defeat it and you are still giving hackers enough time to get your device, hack into and get your data.

The point is, Apple needs to step up and close these security holes. There is no defending Apple on this; regardless if other devices have security holes or not, we OWN Apple Devices, I could give a rat's tail how easy it is to root an SIII when someone gets my iPhone.

NT1440
Feb 25, 2013, 07:03 PM
As for using Find my iPhone, we all know that is so easy to defeat, it isn't hard to defeat it and you are still giving hackers enough time to get your device, hack into and get your data.

The point is, Apple needs to step up and close these security holes. There is no defending Apple on this; regardless if other devices have security holes or not, we OWN Apple Devices, I could give a rat's tail how easy it is to root an SIII when someone gets my iPhone.

I can tell from the underlined that you don't actually understand software development. Hackers? Really?

Find me one OS on the planet that doesn't have a security hole somewhere in it. This is a game of patch a hole, find 2 others. Software is not a cut and dry field.

marc11
Feb 25, 2013, 07:11 PM
I can tell from the underlined that you don't actually understand software development. Hackers? Really?

Find me one OS on the planet that doesn't have a security hole somewhere in it. This is a game of patch a hole, find 2 others. Software is not a cut and dry field.

Never said I was a developer, never once, never tried to pretend to be. Okay, hackers, yes, someone that uses a subversive way to gain access to my device without my authority. They used a hack, back door, work around, does it REALLY MATTER what it's called?

You are avoiding the point, I know the game, that is not the point, the point is the Apple apologists that just say oh well, no big deal. No one ever said it was cut and dry, I didn't either, but two exploits inside a couple of weeks, one right after it has been patched is bad and needs to be fixed. That is all I said.

It has nothing to do with other OS having holes, does it, really? Does that make it better? Java has holes, it blows, does that somehow lessen the hole in iOS or make it any less concerning to iOS device users?

I will state my point again, in easy words for you to understand....This exploit and the recent exploit are concerning, Apple needs to step up and plug these holes as quickly as possible.

Period, end of my discussion with you.

NT1440
Feb 25, 2013, 07:16 PM
Never said I was a developer, never once, never tried to pretend to be. Okay, hackers, yes, someone that uses a subversive way to gain access to my device without my authority. They used a hack, back door, work around, does it REALLY MATTER what it's called?

You are avoiding the point, I know the game, that is not the point, the point is the Apple apologists that just say oh well, no big deal. No one ever said it was cut and dry, I didn't either, but two exploits inside a couple of weeks, one right after it has been patched is bad and needs to be fixed. That is all I said.

It has nothing to do with other OS having holes, does it, really? Does that make it better? Java has holes, it blows, does that somehow lessen the hole in iOS or make it any less concerning to iOS device users?

I will state my point again, in easy words for you to understand....This exploit and the recent exploit are concerning, Apple needs to step up and plug these holes as quickly as possible.

Period, end of my discussion with you.

Aw, you were just getting fun.

Timing of exploits? You really don't get the game...

The sky is falling! The sky is falling!

Good day sir.

darkcurse
Feb 25, 2013, 07:27 PM
It seems to me, this has been blown totally out of proportion. The hack itself is pretty fiddly and having read/write access to your device is a big deal sure, but less so if it's because of physical access. In the time that some imaginary "attacker" has to try to break into the phone, one could just wipe it remotely via iCloud anyway.

I mean, if someone really wants to get into your phone and they actually have your phone, then there's pretty much no stopping them. And your average thief probably isn't interested in your personal data anyway (they would just wipe it to sell) in which case, again meh.

There is a fix for this though, don't use the simple pin code. Use a more complicated password.

lunaoso
Feb 25, 2013, 07:41 PM
Not nearly as "rediculous" as writing about the "hard drive" in a device that has none.

Give me a little leeway. I was typing leftie while writing some stuff down. ;)

vmachiel
Feb 26, 2013, 03:52 AM
Just keep the damn phone in your pocket :p

pjny
Feb 26, 2013, 05:24 AM
Just curious: how do these people find these exploits? It seems to be quite a combination of button presses to test out if you are looking for a flaw. Thanks.

M-O
Feb 26, 2013, 06:13 AM
Apple priorities - stop innovation from jailbreak community then fix security issues :(

? they have come out with two updates since the jailbreak and neither one of them have attempted to close the jailbreak exploit. so...

----------

Just curious: how do these people find these exploits? It seems to be quite a combination of button presses to test out if you are looking for a flaw. Thanks.

i can't do this when i try. but if someone really wants to get into your phone, they will keep at it. hopefully it will take them longer to do this than it does for me to realize my phone is gone & remote wipe it.

Mactendo
Feb 26, 2013, 07:14 AM
Apple priorities - stop innovation from jailbreak community then fix security issues :(

Jailbreakers priorities - whining about iOS then whining about Apple :)

gatearray
Feb 26, 2013, 08:09 AM
These guys really have way too much time on their hands...

ahh, to be 14 years old again without a job... :)

Radio
Feb 26, 2013, 08:45 AM
Jailbreakers priorities - whining about iOS then whining about Apple :)

Why I oughta ..

morespce54
Feb 26, 2013, 01:32 PM
Not when there is a passcode on it. When there is a passcode, the phone won't mount as a 'camera' like it can when unlocked, and apps like iExplorer cannot access the drive.

I have to disagree. I can use my iPhone with a (simple) passcode and add/retrieve data with iExplorer whenever I want. I have to admit that I am using a MacBook that I previously used to sync my phone.

Intell
Feb 26, 2013, 02:12 PM
I have to disagree. I can use my iPhone with a (simple) passcode and add/retrieve data with iExplorer whenever I want. I have to admit that I am using a MacBook that I previously used to sync my phone.

That's because your computer has been authenticated with your iPhone. Try that on a computer that has never been connected to your phone before and make sure the phone is locked so that the passcode is needed to get to the homescreen. You won't be able to see the pictures or browse its contents.

el-John-o
Feb 26, 2013, 04:45 PM
I have to disagree. I can use my iPhone with a (simple) passcode and add/retrieve data with iExplorer whenever I want. I have to admit that I am using a MacBook that I previously used to sync my phone.

There's the key right there, you've synced it to iTunes. So if someone had physical access to both your computer and your iPhone, sure.. but at some point you'll decide that the only secure way to have a smartphone is to not have a smartphone!

If I steal your iPhone when I see it sitting on a table somewhere, take it home; if it has even a simple passcode on it, I won't be able to access its files.

Intell
Feb 26, 2013, 04:49 PM
If I steal your iPhone when I see it sitting on a table somewhere, take it home; if it has even a simple passcode on it, I won't be able to access its files.

Unless it's an A4 device or older. Then it's just a very simple matter of an SSH ramdisk. But that's for a whole other thread.

el-John-o
Feb 26, 2013, 04:51 PM
Unless it's an A4 device or older. Then it's just a very simple matter of an SSH ramdisk. But that's for a whole other thread.

Or I'm a skilled hacker with knowledge of exploits that aren't public, or I've installed malware on the device, or I've held you at gunpoint until you give me the passcode, etc.

Like I said. There's reasonably secure, and then there's shivering under your blanket because you've realized crap happens to everyone and there's nothing you can do about it! I'll take reasonable precautions to protect myself and what's important to me, but in the end, you'd go crazy trying to devise a way in which your data is absolutely foolproof.

twigman08
Feb 26, 2013, 10:02 PM
While I agree Apple needs to get these patched, it is very important, I also understand that this just isn't a one day job. Hell it isn't even a week job really!

While the exploits might have been found fast, lots of times it can be very hard for developers to track down these exploits, trying to find the CORRECT fix for them (Apple only using a band-aid fix will only make matters worse in the long run), repeating the exploit over and over, then finding any more obvious bugs this may have caused, testing those out, then digitally releasing the code and getting it out in the public can take a lot longer than it seems most people think. It makes it even worse or harder that this is an OS they are working on. It isn't just a simple App you made or even a game (which are also very hard to debug) where you can find it in a day or two and have a fix out very fast. This is a full fledged OS. They must make sure some other bugs or security flaws were created during this time. Also unlike a simple app or game you can't just create a band-aid fix. It must be a complete fix.

yappco
Mar 1, 2013, 02:09 AM
That was a reason for me to create Vault application (http://www.thevaultapp.com), thanks to it, all my media files are encrypted and even after getting access to my phone storage, they stay safe.