Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > News and Article Discussion > iOS Blog Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Feb 25, 2013, 03:11 PM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
Second Lock Screen Bypass in iOS 6.1 Documented




A second iOS 6.1 bug has been discovered that gives access to contacts, photos and more. The vulnerability uses a similar method as the one disclosed previously, though it apparently gives access to more user data when the phone is plugged into a computer.

It was originally posted on the Full Disclosure mailing list. Kaspersky's Threatpost:
Quote:
Similar to the iPhone's passcode vulnerability, the exploit involves manipulating the phone's screenshot function, its emergency call function and its power button. Users can make an emergency call (911 for example) on the phone and then cancel it while toggling the power on and off to get temporary access to the phone. A video posted by the group shows a user flipping through the phone's voicemail list and contacts list while holding down the power button. From there an attacker could get the phone's screen to turn black before it can be connected to a computer via a USB cord. The device's photos, contacts and more "will be available directly from the device hard drive without the pin to access," according to the advisory.
Apple was expected to fix the lock screen bug in iOS 6.1.2, but that small release fixed a different bug. Instead, it appears a fix for at least one of the lock screen vulnerabilities will be coming in iOS 6.1.3, currently in the hands of developers.

Update: As noted by iMore and The Next Web, this vulnerability will only allow file access if the device has previously been synced with the computer without a passcode. Plugging the passcode-protected device, even with the bug exploited, into a different computer will simply generate an error message.

Article Link: Second Lock Screen Bypass in iOS 6.1 Documented
MacRumors is offline   0 Reply With Quote
Old Feb 25, 2013, 03:18 PM   #2
Radio
macrumors 65816
 
Join Date: Mar 2012
Location: Central California
Apple priorities - stop innovation from jailbreak community then fix security issues
Radio is offline   2 Reply With Quote
Old Feb 25, 2013, 03:20 PM   #3
dave420
macrumors 65816
 
Join Date: Jun 2010
This method allows access to the photos on the phone when hooked up to a computer? That's not news you can always do that, even with a passcode. Smebody posted a complaint bout it on the iPhone forum and everyone criticized the poster for actually wanting to put private photos on their camera roll.
dave420 is offline   0 Reply With Quote
Old Feb 25, 2013, 03:25 PM   #4
eatrains
macrumors member
 
Join Date: Mar 2006
Quote:
Originally Posted by Radio View Post
Apple priorities - stop innovation from jailbreak community then fix security issues
The exploits used by jailbreakers ARE security issues.
eatrains is offline   25 Reply With Quote
Old Feb 25, 2013, 03:26 PM   #5
kbmb
macrumors 68030
 
kbmb's Avatar
 
Join Date: Mar 2007
Location: NH
I thought if you had physical access to the phone.....then you can always get data off it.... regardless of whether it has a passcode lock or not?

Not through iTunes....but using any number of 3rd party apps that can see the data on the phone.

-Kevin
__________________
2010 Mac Pro 2.8 Quad, 27" ACD - Mid 2012 MacBook Air
kbmb is offline   0 Reply With Quote
Old Feb 25, 2013, 03:31 PM   #6
Intell
macrumors G5
 
Intell's Avatar
 
Join Date: Jan 2010
Location: Inside
Quote:
Originally Posted by dave420 View Post
This method allows access to the photos on the phone when hooked up to a computer? That's not news you can always do that, even with a passcode. Smebody posted a complaint bout it on the iPhone forum and everyone criticized the poster for actually wanting to put private photos on their camera roll.
Quote:
Originally Posted by kbmb View Post
I thought if you had physical access to the phone.....then you can always get data off it.... regardless of whether it has a passcode lock or not?

Not through iTunes....but using any number of 3rd party apps that can see the data on the phone.

-Kevin
When an iOS device that has been locked with a passcode is connect to a computer that it has never been connected to before, it will not let the computer access any information on the device. The device must be locked so that the passcode is needed to unlock it. Once you connect the device to a computer when it is unlocked, that computer becomes authorized to iOS to allow it to browse the device's contents. No third party utility can get around this lockout, neither can a computer's PTP access.
__________________
Last edited by Intell; Yesterday at 10:24 AM.
Intell is offline   2 Reply With Quote
Old Feb 25, 2013, 03:34 PM   #7
extricated
macrumors regular
 
Join Date: Jul 2011
No doubt a serious issue, yet there's something pretty amusing to me about the steps required to get past the lockscreen (not to mention what must have been done in order to discover the bug in the first place).
extricated is offline   0 Reply With Quote
Old Feb 25, 2013, 03:39 PM   #8
Bathplug
macrumors 6502a
 
Join Date: Jul 2010
iOS 6 is such a s*** update.
Bathplug is offline   3 Reply With Quote
Old Feb 25, 2013, 03:41 PM   #9
spazzcat
macrumors 68000
 
spazzcat's Avatar
 
Join Date: Jun 2007
Quote:
Originally Posted by extricated View Post
No doubt a serious issue, yet there's something pretty amusing to me about the steps required to get past the lockscreen (not to mention what must have been done in order to discover the bug in the first place).
Some people have way too much time. Also, does this only work if you have a simple passcode set?
spazzcat is offline   0 Reply With Quote
Old Feb 25, 2013, 03:49 PM   #10
kbmb
macrumors 68030
 
kbmb's Avatar
 
Join Date: Mar 2007
Location: NH
Quote:
Originally Posted by Intell View Post
When an iOS device that has been locked with a passcode is connect to a computer that it has never been connected to before, it will not let the computer access any information on the device. The device must be locked so that the passcode is needed to unlock it. Once you connect the device to a computer when it is unlocked, that computer becomes authorized to iOS to allow it to browse the device's contents. No third party utility can get around this lockout, neither can a computer's PTP access.
Thanks for the info!

-Kevin
__________________
2010 Mac Pro 2.8 Quad, 27" ACD - Mid 2012 MacBook Air
kbmb is offline   2 Reply With Quote
Old Feb 25, 2013, 03:51 PM   #11
lunaoso
macrumors 65816
 
lunaoso's Avatar
 
Join Date: Sep 2012
Location: New England, USA
I really want to know how people just happen to stumble upon this stuff. It seems almost rediculous when you think about it.
lunaoso is offline   4 Reply With Quote
Old Feb 25, 2013, 04:11 PM   #12
Fresh Pie
macrumors 6502a
 
Fresh Pie's Avatar
 
Join Date: Dec 2008
Location: Vermontpelier
I like how there's a small chance that the exploiter will call the police on themselves.
__________________
Listen Ana hear my words / They're the ones you would think I would say / If there was a me for you
Fresh Pie is offline   4 Reply With Quote
Old Feb 25, 2013, 04:30 PM   #13
dweezle3
macrumors regular
 
Join Date: Jun 2010
Location: Earth
These guys really have way too much time on their hands...
__________________
15" MacBook Pro; iPhone 4S
dweezle3 is offline   3 Reply With Quote
Old Feb 25, 2013, 04:39 PM   #14
furi0usbee
macrumors 6502a
 
Join Date: Jul 2008
This is why Apple (and other tech companies) have to hire hackers and people who like to spend time trying this stuff. The reason why these exploits exist is that the programmers program for the way people are supposed to use a device, NOT the way someone intends to use it to circumvent security. You need to have people who are solely looking to crack code or find some obscure exploit somewhere in the emergency dialer....

I used to play shooters for PC/Xbox. Three days after a release, you would see people finding glitches, doing stuff the devs never intended anyone to do. Why don't you just hire these freaks and let them find all this stuff. That would amount to a more secure and better product.
__________________
YouTube - Apple iPhone Support Hotline (Actual Phone Call Recording)
MacBook Pro 15" (Retina) 2.3GHz i7 / 8GB RAM  iPad mini (AT&T) (16GB)
furi0usbee is offline   1 Reply With Quote
Old Feb 25, 2013, 05:21 PM   #15
agitoTech
macrumors newbie
 
Join Date: Sep 2012
If someone has gained physical access to my iDevice to attempt to exploit a security vulnerability, all of my other security practices have failed.
agitoTech is offline   2 Reply With Quote
Old Feb 25, 2013, 05:23 PM   #16
gotluck
macrumors 68020
 
gotluck's Avatar
 
Join Date: Dec 2011
Location: East Central Florida
Quote:
Originally Posted by agitoTech View Post
If someone has gained physical access to my iDevice to attempt to exploit a security vulnerability, all of my other security practices have failed.
This. And this is also why the security holes used by the jailbreak are irrelevant.
__________________
iPad Air LTE 7.1b3 JB (T-Mobile) - GS 4 Google Edition 4.4.2 ART (AT&T) - Windows 7 PC & HP 8740w - iPhone 4 6.1 JB
gotluck is offline   1 Reply With Quote
Old Feb 25, 2013, 05:59 PM   #17
seamer
macrumors 6502
 
Join Date: Jul 2009
Quote:
Originally Posted by furi0usbee View Post
This is why Apple (and other tech companies) have to hire hackers and people who like to spend time trying this stuff. The reason why these exploits exist is that the programmers program for the way people are supposed to use a device, NOT the way someone intends to use it to circumvent security. You need to have people who are solely looking to crack code or find some obscure exploit somewhere in the emergency dialer....

I used to play shooters for PC/Xbox. Three days after a release, you would see people finding glitches, doing stuff the devs never intended anyone to do. Why don't you just hire these freaks and let them find all this stuff. That would amount to a more secure and better product.
Hiring "hackers" is fine in principle. In reality, 99% of the "exploits" found within 3 days of a game launching are most likely revealed by the QA guys who tested the game. Quite often, unless a bug will cause the game to fail a TRC or TCR check, the developers just don't bother. This is largely because of a marketing department who have to meet financial goals rather than quality goals.

I know we're the ones who write spoiler guides for everything ever released, too.

/ex-Quality Assurance peon
seamer is offline   0 Reply With Quote
Old Feb 25, 2013, 06:09 PM   #18
jm001
macrumors regular
 
Join Date: Sep 2011
Quote:
Originally Posted by agitoTech View Post
If someone has gained physical access to my iDevice to attempt to exploit a security vulnerability, all of my other security practices have failed.
Exactly they must first get physical access to your iPhone. So first line of defence is keep a close watch on your phone. Know where it is at all times. Keep it physically secure.

Last edited by jm001; Feb 25, 2013 at 06:10 PM. Reason: Spelling
jm001 is offline   0 Reply With Quote
Old Feb 25, 2013, 06:31 PM   #19
marc11
macrumors 68000
 
Join Date: Mar 2011
Location: NY USA
Quote:
Originally Posted by agitoTech View Post
If someone has gained physical access to my iDevice to attempt to exploit a security vulnerability, all of my other security practices have failed.
Wait, so, if you lose your phone by accident; then you just say oh well, any private data I have on it is fair game and that is okay? Then why even have a passcode on it if it can just be hacked and in your words, if someone has physical access to the device then your data is fair game.

I do not see that logic. I for one would like to have the confidence that if someone had access to my device then at the most I have lost the device, easily replaced and I did not lose private data that someone can use for purposes not so easily replaced.

Physical access is not your second line of defence, it is your first line, your second line is rock solid data security which Apple has been failing at recently.
__________________
Various Apple Products
marc11 is offline   1 Reply With Quote
Old Feb 25, 2013, 06:42 PM   #20
el-John-o
macrumors 65816
 
Join Date: Nov 2010
Location: Missouri
Quote:
Originally Posted by kbmb View Post
I thought if you had physical access to the phone.....then you can always get data off it.... regardless of whether it has a passcode lock or not?

Not through iTunes....but using any number of 3rd party apps that can see the data on the phone.

-Kevin
Not when there is a passcode on it. When there is a passcode, the phone won't mount as a 'camera' like it can unlocked, and apps like iExplorer cannot access the drive
__________________
Windows7 PC - Phenom II 965@4GHz x4 Cores, 16GB DDR3-2133, Radeon HD7970 | iPhone 5 32GB | iPad WiFi+3G 64GB | Mid 2012 MacBook Pro 13", Dual 256GB SSD's in RAID 0, 16GB DDR3-1600
el-John-o is offline   0 Reply With Quote
Old Feb 25, 2013, 06:44 PM   #21
anthony11
macrumors regular
 
Join Date: May 2007
Location: Seattle, WA
Quote:
Originally Posted by lunaoso View Post
I really want to know how people just happen to stumble upon this stuff. It seems almost rediculous when you think about it.
Not nearly as "rediculous" as writing about the "hard drive" in a device that has none.
anthony11 is offline   1 Reply With Quote
Old Feb 25, 2013, 06:44 PM   #22
NT1440
macrumors G3
 
NT1440's Avatar
 
Join Date: May 2008
Location: Hartford, CT
Quote:
Originally Posted by marc11 View Post
Wait, so, if you lose your phone by accident; then you just say oh well, any private data I have on it is fair game and that is okay? Then why even have a passcode on it if it can just be hacked and in your words, if someone has physical access to the device then your data is fair game.
No, I lose my phone I boot up my machine, then trace it on icloud, and erase it if its in a location that I know isn't where I lost it.

Very simple.

If apple is failing at security lately, what does the SIII root access bug (now patched) say? I'd say root access is far more serious than access to my pictures and contacts...

Also, you're putting words in that user's mouth, and I'm sure he wouldn't appreciate it.
NT1440 is offline   0 Reply With Quote
Old Feb 25, 2013, 06:57 PM   #23
clockworkorange
macrumors regular
 
Join Date: Jan 2008
Great! another way for my girlfriend to gain access to my phone >_>

good thing I have nothing to hide, but it's annoying when she re-arranges my bloody icons in groups of colors - I then have to spend hours putting everything back in their correct places cause I have OCD like that >_<
__________________
-Mid-2013 13" Macbook Air, 1.3GHz i5, 4GB RAM, 126GB SSD, 10.9.1 Mavericks
-Original 15" Macbook Pro, 2.0GHz Core Duo, 2GB RAM, 80GB HDD
-Mid-2010 21.5" iMac, 2.3GHz i3, 12GB RAM, 1TB HDD
clockworkorange is offline   0 Reply With Quote
Old Feb 25, 2013, 07:01 PM   #24
marc11
macrumors 68000
 
Join Date: Mar 2011
Location: NY USA
Quote:
Originally Posted by NT1440 View Post
No, I lose my phone I boot up my machine, then trace it on icloud, and erase it if its in a location that I know isn't where I lost it.

Very simple.

If apple is failing at security lately, what does the SIII root access bug (now patched) say? I'd say root access is far more serious than access to my pictures and contacts...

Also, you're putting words in that user's mouth, and I'm sure he wouldn't appreciate it.
I didn't put words in anyones mouth, he said them. I am sure he is old enough to speak for himself and doesn't need you to speak for him....isn't that the same as putting words in his mouth? Double standard much?

Let us leave Android out of an iOS discussion for once, huh? Man, this site and its Android paranoia....every Apple fault has to be balanced with an Android fault for some reason.

As for using Find my iPhone, we all know that is so easy to defeat, it isn't hard to defeat it and you are still giving hackers enough time to get your device, hack into and get your data.

The point is, Apple needs to step up and close these security holes. There is no defending Apple on this; regardless if other devices have security holes or not, we OWN Apple Devices, I could give a rats tail how easy it is to root an SIII when someone gets my iPhone.
__________________
Various Apple Products
marc11 is offline   2 Reply With Quote
Old Feb 25, 2013, 07:03 PM   #25
NT1440
macrumors G3
 
NT1440's Avatar
 
Join Date: May 2008
Location: Hartford, CT
Quote:
Originally Posted by marc11 View Post

As for using Find my iPhone, we all know that is so easy to defeat, it isn't hard to defeat it and you are still giving hackers enough time to get your device, hack into and get your data.

The point is, Apple needs to step up and close these security holes. There is no defending Apple on this; regardless if other devices have security holes or not, we OWN Apple Devices, I could give a rats tail how easy it is to root an SIII when someone gets my iPhone.
I can tell from the underlined that you don't actually understand software development. Hackers? Really?

Find me one OS on the planet that doesn't have a security hole somewhere in it. This is a game of patch a hole, find 2 others. Software is not a cut and dry field.
NT1440 is offline   3 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > iOS Blog Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 08:03 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC