I have just discovered a major security flaw in iOS 6.1

[S1RiOS]

Quote:

Originally Posted by paulbennett95

I doubt there was a real flaw, probably a kid trying to get attention/troll.

No tangible information was given and he was sketchy about the topic.

I could be wrong though.

Nooo friends, this Issue will be published on Friday, February 1.
A friend of mine explained in video.
iOS 6.1 Golden Master (final)
Impact: A person with physical access to a locked device may perform any calls.
Description: I think a issue existed in the Emergency Dialer access, which permitted calls via numeric keypad on the locked device. This also discloses the user's contacts, recents calls, favorites, voice mail.... via Phone app.

[falterego]

Quote:

Originally Posted by pmontanarella

I agree,

That is a huge security flaw, it really makes Find my iPhone pointless... Hope Apple changes that in the future. Also it would be cool if you could password protect only certain apps. For example password protect settings to Find my iPhone can't be turned off, by keep the iPhone itself without a pin code, so it's faster to unlock and stuff. Also, have a pin code to turn off the device...

Pietro

Settings > General > Restrictions

Lock down location services and accounts.

[C DM]

Quote:

Originally Posted by S1RiOS

Nooo friends, this Issue will be published on Friday, February 1.
A friend of mine explained in video.
iOS 6.1 Golden Master (final)
Impact: A person with physical access to a locked device may perform any calls.
Description: I think a issue existed in the Emergency Dialer access, which permitted calls via numeric keypad on the locked device. This also discloses the user's contacts, recents calls, favorites, voice mail.... via Phone app.

Let us know when it's published so that we can hopefully look into what it is and what it involves.

[PNutts]

I assume OP is describing the same issue as in this video. The video shows a beta but in the comments he claims it is still valid on 6.1.

[wxman2003]

I guess this would mean something to those that actually lock their screens.

[PNutts]

I searched again. Here's the YouTube video on how to bypass the passcode and I was able to do it on my iPhone 5 iOS 6.1. Sorry OP, couldn't wait until tomorrow.

[C DM]

Quote:

Originally Posted by PNutts

I searched again. Here's the YouTube video on how to bypass the passcode and I was able to do it on my iPhone 5 iOS 6.1. Sorry OP, couldn't wait until tomorrow.

Well, what do you know, it's a bit of an awkward procedure to follow (at least initially), but it does seem to give you access to the full phone app on the phone even though its locked. Interesting what will happen with this and, unless there's some good explanation behind it and/or a reasonable way to disable it from happening, how quickly Apple will get on fixing it.

[mdlooker]

There should be some way to lock the sim card to the phone so if it's pulled out, the phone is inoperable. The only way to "unlock" that sim from the phone is from the owner and carrier or maybe only the owner within their account. That way it wouldn't matter if the phone is turned off or sim pulled out or "find my iphone" turned on or off..the phone would render useless. The "find my iphone" or any other, for that matter, would simply give coordinates to where the phone is.

[scaredpoet]

Quote:

Originally Posted by PNutts

I searched again. Here's the YouTube video on how to bypass the passcode and I was able to do it on my iPhone 5 iOS 6.1. Sorry OP, couldn't wait until tomorrow.

Do you have a simple passcode on your phone?

I've been unable to do it on mine, but I have simple passcode turned off. Not sure if it's because of that, or I'm just not doing it right. mine very briefly shows a keypad and then sidescrolls back to the lock screen.

EDIT: Tried again and got a bit closer this time. I was able t get to a black screen with a light blue status bar at top, but couldn't do anything with it.

[iPhysicist]

The only real security flaw is when someone else but me has access to or is in possession of my phone.

[scaredpoet]

Quote:

Originally Posted by iPhysicist

The only real security flaw is when someone else but me has access to or is in possession of my phone.

If this was such a non-issue, then there would be no need for passcode locks at all. But the reality is, thefts and attempts at unauthorized data retrieval happen all the time, both because iPhones are desirable devices, and because people store desirable data on them.

So yeah, this could be a big deal.

[thekb]

Quote:

Originally Posted by robbyg

Find my iPhone is really a mess. It needs these two fixes.

1) It should have been integrated into the ios like the weather app or any of the others, that way it could not be removed and it should have no Off mode, that should be something that can only be done on the net when you log into the account.

2) It should have worked with the phones serial number or CID so that once you register it the phone remains trackable by you and only you, unless you decide to login into Apple and release the number when your selling or giving away the phone.

If those two things where done it would not matter what the thief did because sooner or later he will have a Sim in the phone or wifi connected and Pow you know exactly where he is and if you can't get your phone back because he's in Nigeria, etc. You will still be able to remotely wipe his phone every week or so just to piss him off.

These are indeed awesome ideas ... but it assumes that Apple wants to find a way to prevent theft of iphones. Reselling iphones to people is a huge moneymaker for them.

But I do give thumbs up for excellent ideas.

[Hephaestus]

Quote:

Originally Posted by Mlrollin91

How exactly is that a major security flaw? So they have access to the phone? I think a larger flaw is being able to turn off the phone when locked, therefore Find My iPhone does not work and the potential for it to be restored and never found.

That's actually a very good point which never even occurred to me. Apple should definitely look at that!

[C DM]

Quote:

Originally Posted by PNutts

I searched again. Here's the YouTube video on how to bypass the passcode and I was able to do it on my iPhone 5 iOS 6.1. Sorry OP, couldn't wait until tomorrow.

I wonder if this is still present with iOS 6.1.1 (either the beta that was released or the new official version that was released for iPhone 4S only just today).

[C DM]

It took a little while, but looks like this flaw is finally getting more attention: http://www.macrumors.com/2013/02/14/...-and-contacts/.

[Bahroo]

I guess the TC really knew the lockcode glitch that is popping up in the news today.

[C DM]

And it looks like Apple is aware of it as well and will be fixing it in an upcoming update: http://www.macrumors.com/2013/02/14/...ftware-update/

[bonskovsky]

this security issue is real #whoknew

Quote:

Originally Posted by S1RiOS

This simple and easy to pull off trick allows for an attacker to bypass an iPhone's pass code and obtain full access (see and edit) to contacts list, list of recent calls, favorite contacts, and even make a call to any phone number on the hacked device and erase the log.
Should I shut up? or should I publish the trick for the iPhone users are prevented?

this guy was serious. #whoknew

now if only they'd address the widespread YouTube issue.

[C DM]

Quote:

Originally Posted by bonskovsky

this security issue is real #whoknew



this guy was serious. #whoknew

now if only they'd address the widespread YouTube issue.

Unrelated to the topic here, but they'll make sure to address the YouTube issue by not addressing it since neither widespread nor real.

[Bahroo]

Apple will release a update to fix the Exchange bug and this lockscreen glitch in a week or less

[MonkeySee....]

Quote:

Originally Posted by MonkeySee....

I can't believe people are replying to this attention seeking thread?

I can't believe I'm replying?

I can't believe I'm still here typing.

Whoops. Seems he wasn't BS'ing.

[MN7119]

I also discovered a bad one. When someone calls me my iPhone rings. Should I contact Apple?