iOS 6.1 Bug Enables Bypassing Passcode Lock to Access Phone and Contacts

[MacinDoc]

Quote:

Originally Posted by ProVideo

The amount of apologists in this thread is ridiculous. This should not be acceptable and if it was an Android or Windows phone bug then everyone would be blowing their load over how it demonstrates their inferiority.

Already been done. Here too. And here.

Quote:

Originally Posted by ProVideo

You would think Apple would have learned to fully check out every scenario to bypass the lock after the previous bugs to do so.

You seriously think that software engineers can think of every possible combination of swipes, pauses and button presses that thousands of hackers could attempt in thousands of hours using their iPhones? Realistically, there is no such thing as absolute security, short of requiring biometric input to unlock (rumored to be coming to the next iPhone), and there are ways to bypass even that.

[TitoC]

Quote:

Originally Posted by MacRumors

Update: One MacRumors reader notes that the technique does not appear to work if the user has turned off the "simple passcode" option to allow for more complex passcodes.

Another good reason I'm glad I don't use the "simple passcode" method but instead use a bit more complicated passcode.

[MacFly123]

Quote:

Originally Posted by Bahroo

So instead of reporting straight to Apple, you report it to tech sites..nice...the tech sites dont own iOS, Apple does

I reported it to Apple first. Thanks

[GenesisST]

Quote:

Originally Posted by ryanonsrc

Actually, you should reconsider your thinking. This is how companies improve their product's security (whether it be software or consumer electronics). These are the same type of people that often find themselves working as a security-experts, tasked with uncovering security vulnerabilities.

It is a common misconception that people who engage in these activities and publish their results are supporting criminal activity. Indeed, it is likely that some of these people indeed have malicious intent, but I would argue the vast majority of them simply enjoy it as a problem-solving exercise and by posting these tutorials on YouTube they are actually doing a great service for the community, by allowing the responsible party to start patching these issues more quickly.

I never mentioned anything about criminal, did I?

Keep in mind that my rant was after a bad night where my 4 year old with a cold didn't sleep a lot (and therefore neither did I)...

[Nunyabinez]

Quote:

Originally Posted by John.B

Which was my point all along.



WTF? What is your problem?

My problem is that it is incredibly stupid to try this out and could potentially get someone in legal trouble. Your justification for why you tried it was totally ludicrous. And I was illustrating how non-sensical the reason you gave by comparing it to the justification Pete Townsend gave when he got caught (which BTW no one believed either).

What I would believe is an explanation more like "I am impulsive and don't think through the possible consequences for my actions and I wanted to see if I could do it." That I believe not the "I'm performing a public service by making sure that MR is not providing false information."

And if you had proved it false, who would you be helping? Thieves who might have been trying this on a stolen phone? I'm sure Apple's techs don't need any help diagnosing it. That's why I found your justification self-serving and totally unbelievable. And I stand by my statement: No one needs to try this.

[B2k1977]

Doesn't seem very high risk. I was going to try it, but got bored at step 3....lol all that just to bypass a lock screen?

[honus]

Quote:

Originally Posted by TitoC

Another good reason I'm glad I don't use the "simple passcode" method but instead use a bit more complicated passcode.

Except that update isn't correct. You are no safer from this issue with a complicated passcode.

[CQd44]

I like how all the initial comments weren't about the potential seriousness of this, but instead "OMG lozers get a lyfe LOL"

Some of you are delusional.

[honus]

Quote:

Originally Posted by Haxley

Doesn't seem to work on my iPhone 5 or girlfriends 4S. Both have 6.1. All steps performed correctly but the screen just goes black at the end (still backlit) with status bar on top.

First call made afterwards is labeled an Emergency Call lol

Your timing is off on the 3 seconds. You have to hit the emergency call just as the lock screen is coming up.

[nicklad]

From an engineering perspective, I am astounded that the lock screen user space application does not panic the kernel if it terminates with an exception.

Had they designed it architecturally correctly, with the presence of this very bug, it would have been a curious "my phone resets when I do this" issue and not one with the obvious security implications of the phone unlocking itself...

[Plymouthbreezer]

This is redic.

[C DM]

Quote:

Originally Posted by Plymouthbreezer

This is redic.

Now that's ridiculous.

[honus]

Quote:

Originally Posted by nicklad

From an engineering perspective, I am astounded that the lock screen user space application does not panic the kernel if it terminates with an exception.

Had they designed it architecturally correctly, with the presence of this very bug, it would have been a curious "my phone resets when I do this" issue and not one with the obvious security implications of the phone unlocking itself...

Except I don't think the lock screen app is terminating with an exception. I think the lock screen is part of the phone app and the phone app has a bug that is causing it to put up the wrong UI. This exploit only allows you to access the phone app. Hitting the home key or releasing the power button puts you back on the lock screen. You never leave the phone app.

[Ste Nova]

my phone is as Steve Jobs wanted it to be..... without passcode