Old Feb 25, 2013, 03:11 PM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Second Lock Screen Bypass in iOS 6.1 Documented




A second iOS 6.1 bug has been discovered that gives access to contacts, photos and more. The vulnerability uses a method similar to the one disclosed previously, though it apparently gives access to more user data when the phone is plugged into a computer.

It was originally posted on the Full Disclosure mailing list. Kaspersky's Threatpost:
Quote:
Similar to the iPhone's passcode vulnerability, the exploit involves manipulating the phone's screenshot function, its emergency call function and its power button. Users can make an emergency call (911 for example) on the phone and then cancel it while toggling the power on and off to get temporary access to the phone. A video posted by the group shows a user flipping through the phone's voicemail list and contacts list while holding down the power button. From there an attacker could get the phone's screen to turn black before it can be connected to a computer via a USB cord. The device's photos, contacts and more "will be available directly from the device hard drive without the pin to access," according to the advisory.
Apple was expected to fix the lock screen bug in iOS 6.1.2, but that small release fixed a different bug. Instead, it appears a fix for at least one of the lock screen vulnerabilities will be coming in iOS 6.1.3, currently in the hands of developers.

Update: As noted by iMore and The Next Web, this vulnerability will only allow file access if the device has previously been synced with the computer without a passcode. Plugging the passcode-protected device, even with the bug exploited, into a different computer will simply generate an error message.

Article Link: Second Lock Screen Bypass in iOS 6.1 Documented
MacRumors is offline   0 Reply With Quote
Old Feb 25, 2013, 03:18 PM   #2
Radio
macrumors 65816
 
Join Date: Mar 2012
Location: Central California
Apple priorities - stop innovation from jailbreak community then fix security issues
Radio is offline   2 Reply With Quote
Old Feb 25, 2013, 03:25 PM   #3
eatrains
macrumors member
 
Join Date: Mar 2006
Quote:
Originally Posted by Radio View Post
Apple priorities - stop innovation from jailbreak community then fix security issues
The exploits used by jailbreakers ARE security issues.
eatrains is offline   25 Reply With Quote
Old Feb 26, 2013, 06:13 AM   #4
M-O
macrumors 6502
 
Join Date: Mar 2011
Quote:
Originally Posted by Radio View Post
Apple priorities - stop innovation from jailbreak community then fix security issues
? they have come out with two updates since the jailbreak and neither one of them has attempted to close the jailbreak exploit. so...

----------

Quote:
Originally Posted by pjny View Post
Just curious: how do these people find these exploits? It seems to be quite a combination of button presses to test out if you are looking for a flaw. Thanks.
i can't do this when i try. but if someone really wants to get into your phone, they will keep at it. hopefully it will take them longer to do this than it does for me to realize my phone is gone & remote wipe it.
M-O is offline   0 Reply With Quote
Old Feb 26, 2013, 07:14 AM   #5
Mactendo
macrumors regular
 
Join Date: Oct 2012
Quote:
Originally Posted by Radio View Post
Apple priorities - stop innovation from jailbreak community then fix security issues
Jailbreakers' priorities - whining about iOS then whining about Apple
Mactendo is offline   0 Reply With Quote
Old Feb 26, 2013, 08:45 AM   #6
Radio
macrumors 65816
 
Join Date: Mar 2012
Location: Central California
Quote:
Originally Posted by Mactendo View Post
Jailbreakers' priorities - whining about iOS then whining about Apple
Why I oughta ..
Radio is offline   0 Reply With Quote
Old Feb 25, 2013, 03:20 PM   #7
dave420
macrumors 6502a
 
Join Date: Jun 2010
This method allows access to the photos on the phone when hooked up to a computer? That's not news, you can always do that, even with a passcode. Somebody posted a complaint about it on the iPhone forum and everyone criticized the poster for actually wanting to put private photos on their camera roll.
dave420 is offline   0 Reply With Quote
Old Feb 25, 2013, 03:26 PM   #8
kbmb
macrumors 68030
 
Join Date: Mar 2007
Location: NH
I thought if you had physical access to the phone.....then you can always get data off it.... regardless of whether it has a passcode lock or not?

Not through iTunes....but using any number of 3rd party apps that can see the data on the phone.

-Kevin
__________________
2010 Mac Pro 2.8 Quad, 27" ACD - MacBook 2.4 GHz
kbmb is offline   0 Reply With Quote
Old Feb 25, 2013, 03:31 PM   #9
Intell
macrumors G4
 
Join Date: Jan 2010
Location: Inside
Quote:
Originally Posted by dave420 View Post
This method allows access to the photos on the phone when hooked up to a computer? That's not news, you can always do that, even with a passcode. Somebody posted a complaint about it on the iPhone forum and everyone criticized the poster for actually wanting to put private photos on their camera roll.
Quote:
Originally Posted by kbmb View Post
I thought if you had physical access to the phone.....then you can always get data off it.... regardless of whether it has a passcode lock or not?

Not through iTunes....but using any number of 3rd party apps that can see the data on the phone.

-Kevin
When an iOS device that has been locked with a passcode is connected to a computer that it has never been connected to before, it will not let the computer access any information on the device. The device must be locked so that the passcode is needed to unlock it. Once you connect the device to a computer when it is unlocked, that computer becomes authorized to iOS to allow it to browse the device's contents. No third party utility can get around this lockout, neither can a computer's PTP access.
__________________
Last edited by Intell; Yesterday at 11:50 AM.
Intell is offline   2 Reply With Quote
Old Feb 25, 2013, 03:49 PM   #10
kbmb
macrumors 68030
 
Join Date: Mar 2007
Location: NH
Quote:
Originally Posted by Intell View Post
When an iOS device that has been locked with a passcode is connected to a computer that it has never been connected to before, it will not let the computer access any information on the device. The device must be locked so that the passcode is needed to unlock it. Once you connect the device to a computer when it is unlocked, that computer becomes authorized to iOS to allow it to browse the device's contents. No third party utility can get around this lockout, neither can a computer's PTP access.
Thanks for the info!

-Kevin
__________________
2010 Mac Pro 2.8 Quad, 27" ACD - MacBook 2.4 GHz
kbmb is offline   2 Reply With Quote
Old Feb 25, 2013, 03:34 PM   #11
extricated
macrumors regular
 
Join Date: Jul 2011
No doubt a serious issue, yet there's something pretty amusing to me about the steps required to get past the lockscreen (not to mention what must have been done in order to discover the bug in the first place).
extricated is offline   0 Reply With Quote
Old Feb 25, 2013, 03:41 PM   #12
spazzcat
macrumors 68000
 
Join Date: Jun 2007
Quote:
Originally Posted by extricated View Post
No doubt a serious issue, yet there's something pretty amusing to me about the steps required to get past the lockscreen (not to mention what must have been done in order to discover the bug in the first place).
Some people have way too much time. Also, does this only work if you have a simple passcode set?
spazzcat is online now   0 Reply With Quote
Old Feb 25, 2013, 06:42 PM   #13
el-John-o
macrumors 6502a
 
Join Date: Nov 2010
Location: Missouri
Quote:
Originally Posted by kbmb View Post
I thought if you had physical access to the phone.....then you can always get data off it.... regardless of whether it has a passcode lock or not?

Not through iTunes....but using any number of 3rd party apps that can see the data on the phone.

-Kevin
Not when there is a passcode on it. When there is a passcode, the phone won't mount as a 'camera' like it can unlocked, and apps like iExplorer cannot access the drive
__________________
Windows7 PC - Phenom II 965@4GHz x4 Cores, 4GB DDR3-2133, Radeon HD5870 | iPhone 5 32GB | iPad WiFi+3G 64GB | Mid 2012 MacBook Pro 13", Dual 256GB SSD's in RAID 0, 16GB DDR3-1600
el-John-o is offline   0 Reply With Quote
Old Feb 26, 2013, 01:32 PM   #14
morespce54
macrumors 65816
 
Join Date: Apr 2004
Location: Around the World
Quote:
Originally Posted by el-John-o View Post
Not when there is a passcode on it. When there is a passcode, the phone won't mount as a 'camera' like it can unlocked, and apps like iExplorer cannot access the drive
I have to disagree. I can use my iPhone with a (simple) passcode and add/retrieve data with iExplorer whenever I want. I have to admit that I am using a Macbook that I previously used to sync my phone.
__________________
..:.::.:.:.::..:.: Oh, I get it. It's very clever :.:.::.:.:.::.:..:.::..:.::.:..:.::.:.::.:.::..
DO NOT OPERATE YOUR COMPUTER UNDER THE INFLUENCE!
morespce54 is offline   0 Reply With Quote
Old Feb 26, 2013, 02:12 PM   #15
Intell
macrumors G4
 
Join Date: Jan 2010
Location: Inside
Quote:
Originally Posted by morespce54 View Post
I have to disagree. I can use my iPhone with a (simple) passcode and add/retrieve data with iExplorer whenever I want. I have to admit that I am using a Macbook that I previously used to sync my phone.
That's because your computer has been authenticated with your iPhone. Try that on a computer that has never been connected to your phone before and make sure the phone is locked so that the passcode is needed to get to the homescreen. You won't be able to see the pictures or browse its contents.
__________________
Last edited by Intell; Yesterday at 11:50 AM.
Intell is offline   0 Reply With Quote
Old Feb 26, 2013, 04:45 PM   #16
el-John-o
macrumors 6502a
 
Join Date: Nov 2010
Location: Missouri
Quote:
Originally Posted by morespce54 View Post
I have to disagree. I can use my iPhone with a (simple) passcode and add/retrieve data with iExplorer whenever I want. I have to admit that I am using a Macbook that I previously used to sync my phone.
There's the key right there, you've synced it to iTunes. So if someone had physical access to both your computer and your iPhone, sure.. but at some point you'll decide that the only secure way to have a smartphone is to not have a smartphone!

If I steal your iPhone when I see it sitting on a table somewhere, take it home; if it has even a simple passcode on it, I won't be able to access its files.
__________________
Windows7 PC - Phenom II 965@4GHz x4 Cores, 4GB DDR3-2133, Radeon HD5870 | iPhone 5 32GB | iPad WiFi+3G 64GB | Mid 2012 MacBook Pro 13", Dual 256GB SSD's in RAID 0, 16GB DDR3-1600
el-John-o is offline   0 Reply With Quote
Old Feb 25, 2013, 03:39 PM   #17
Bathplug
macrumors 6502
 
Join Date: Jul 2010
iOS 6 is such a s*** update.
Bathplug is offline   3 Reply With Quote
Old Feb 25, 2013, 03:51 PM   #18
lunaoso
macrumors 6502a
 
Join Date: Sep 2012
Location: New England, USA
I really want to know how people just happen to stumble upon this stuff. It seems almost rediculous when you think about it.
lunaoso is online now   4 Reply With Quote
Old Feb 25, 2013, 04:11 PM   #19
Fresh Pie
macrumors 6502
 
Join Date: Dec 2008
Location: Vermontpelier
I like how there's a small chance that the exploiter will call the police on themselves.
Fresh Pie is offline   4 Reply With Quote
Old Feb 25, 2013, 04:30 PM   #20
dweezle3
macrumors regular
 
Join Date: Jun 2010
Location: Earth
These guys really have way too much time on their hands...
__________________
15" MacBook Pro; iPhone 4S
dweezle3 is offline   3 Reply With Quote
Old Feb 26, 2013, 08:09 AM   #21
gatearray
macrumors 6502a
 
Join Date: Apr 2010
Quote:
Originally Posted by dweezle3 View Post
These guys really have way too much time on their hands...
ahh, to be 14 years old again without a job...
gatearray is offline   1 Reply With Quote
Old Feb 25, 2013, 06:44 PM   #22
anthony11
macrumors regular
 
Join Date: May 2007
Location: Seattle, WA
Quote:
Originally Posted by lunaoso View Post
I really want to know how people just happen to stumble upon this stuff. It seems almost rediculous when you think about it.
Not nearly as "rediculous" as writing about the "hard drive" in a device that has none.
anthony11 is offline   1 Reply With Quote
Old Feb 25, 2013, 07:41 PM   #23
lunaoso
macrumors 6502a
 
Join Date: Sep 2012
Location: New England, USA
Quote:
Originally Posted by anthony11 View Post
Not nearly as "rediculous" as writing about the "hard drive" in a device that has none.
Give me a little leeway. I was typing leftie while writing some stuff down.
lunaoso is online now   1 Reply With Quote
Old Feb 25, 2013, 04:39 PM   #24
furi0usbee
macrumors 6502
 
Join Date: Jul 2008
This is why Apple (and other tech companies) have to hire hackers and people who like to spend time trying this stuff. The reason why these exploits exist is that the programmers program for the way people are supposed to use a device, NOT the way someone intends to use it to circumvent security. You need to have people who are solely looking to crack code or find some obscure exploit somewhere in the emergency dialer....

I used to play shooters for PC/Xbox. Three days after a release, you would see people finding glitches, doing stuff the devs never intended anyone to do. Why don't you just hire these freaks and let them find all this stuff. That would amount to a more secure and better product.
__________________
YouTube - Apple iPhone Support Hotline (Actual Phone Call Recording)
MacBook Pro 15" (Retina) 2.3GHz i7 / 8GB RAM  iPad mini (AT&T) (16GB)
furi0usbee is offline   1 Reply With Quote
Old Feb 25, 2013, 05:21 PM   #25
agitoTech
macrumors newbie
 
Join Date: Sep 2012
If someone has gained physical access to my iDevice to attempt to exploit a security vulnerability, all of my other security practices have failed.
agitoTech is offline   2 Reply With Quote
