Go Back   MacRumors Forums > iPhone, iPod and iPad > iPhone

Reply
 
Thread Tools Search this Thread Display Modes
Old Jan 16, 2013, 12:48 PM   #1
S1RiOS
macrumors newbie
 
Join Date: Jan 2013
Cool I have just discovered a major security flaw in iOS 6.1

This simple and easy to pull off trick allows for an attacker to bypass an iPhone's pass code and obtain full access (see and edit) to contacts list, list of recent calls, favorite contacts, and even make a call to any phone number on the hacked device and erase the log.
Should I shut up? or should I publish the trick for the iPhone users are prevented?
S1RiOS is offline   2 Reply With Quote
Old Jan 16, 2013, 12:49 PM   #2
SandboxGeneral
Moderator
 
SandboxGeneral's Avatar
 
Join Date: Sep 2010
Location: The New World
Quote:
Originally Posted by S1RiOS View Post
This simple and easy to pull off trick allows for an attacker to bypass an iPhone's pass code and obtain full access (see and edit) to contacts list, list of recent calls, favorite contacts, and even make a call to any phone number on the hacked device and erase the log.
Should I shut up? or should I publish the trick for the iPhone users are prevented?
If you're serious, you should keep it to yourself and notify Apple.
__________________
SandboxGeneral is online now   9 Reply With Quote
Old Jan 16, 2013, 12:53 PM   #3
Mlrollin91
macrumors 68020
 
Join Date: Nov 2008
Location: Ventura
Quote:
Originally Posted by S1RiOS View Post
This simple and easy to pull off trick allows for an attacker to bypass an iPhone's pass code and obtain full access (see and edit) to contacts list, list of recent calls, favorite contacts, and even make a call to any phone number on the hacked device and erase the log.
Should I shut up? or should I publish the trick for the iPhone users are prevented?
How exactly is that a major security flaw? So they have access to the phone? I think a larger flaw is being able to turn off the phone when locked, therefore Find My iPhone does not work and the potential for it to be restored and never found.
Mlrollin91 is offline   5 Reply With Quote
Old Jan 16, 2013, 12:55 PM   #4
r2shyyou
macrumors 68000
 
r2shyyou's Avatar
 
Join Date: Oct 2010
Location: Paris, France
Quote:
Originally Posted by S1RiOS View Post
This simple and easy to pull off trick allows for an attacker to bypass an iPhone's pass code and obtain full access (see and edit) to contacts list, list of recent calls, favorite contacts, and even make a call to any phone number on the hacked device and erase the log.
Should I shut up? or should I publish the trick for the iPhone users are prevented?
Since iOS 6.1 is still in beta, you should obviously contact Apple. Relatively few users would be able to take steps to prevent this supposed flaw since relatively few users have 6.1.

If it comes out and the flaw is still present, then you may want to consider publishing it.
__________________
"kkkkkkkk ....ok" - iphone4s16gb
r2shyyou is offline   3 Reply With Quote
Old Jan 16, 2013, 01:28 PM   #5
S1RiOS
Thread Starter
macrumors newbie
 
Join Date: Jan 2013
Thanks friends, the flaw is also present in iOS 6.0.1 and 6.0.2 I have 10B5126b 6.1 but I'm not developer, I do not know how to inform to Apple, I hope Apple is reading this and contact me.
S1RiOS is offline   1 Reply With Quote
Old Jan 16, 2013, 01:32 PM   #6
r2shyyou
macrumors 68000
 
r2shyyou's Avatar
 
Join Date: Oct 2010
Location: Paris, France
Quote:
Originally Posted by S1RiOS View Post
Thanks friends, the flaw is also present in iOS 6.0.1 and 6.0.2 I have 10B5126b 6.1 but I'm not developer, I do not know how to inform to Apple, I hope Apple is reading this and contact me.
This is the most direct way to contact Apple.
__________________
"kkkkkkkk ....ok" - iphone4s16gb
r2shyyou is offline   3 Reply With Quote
Old Jan 16, 2013, 01:38 PM   #7
pmontanarella
macrumors 6502
 
Join Date: Oct 2012
Location: Rio de Janeiro, Brazil
Quote:
Originally Posted by Mlrollin91 View Post
I think a larger flaw is being able to turn off the phone when locked, therefore Find My iPhone does not work and the potential for it to be restored and never found.
I agree,

That is a huge security flaw, it really makes Find my iPhone pointless... Hope Apple changes that in the future. Also it would be cool if you could password protect only certain apps. For example password protect settings to Find my iPhone can't be turned off, by keep the iPhone itself without a pin code, so it's faster to unlock and stuff. Also, have a pin code to turn off the device...

Pietro
__________________
"Entrepreneurship is living a few years of your life like most people won't, so that you can spend the rest of your life like most people can't."
pmontanarella is offline   1 Reply With Quote
Old Jan 16, 2013, 01:48 PM   #8
liteshow
macrumors regular
 
Join Date: Sep 2012
Quote:
Originally Posted by pmontanarella View Post
I agree,

That is a huge security flaw, it really makes Find my iPhone pointless... Hope Apple changes that in the future. Also it would be cool if you could password protect only certain apps. For example password protect settings to Find my iPhone can't be turned off, by keep the iPhone itself without a pin code, so it's faster to unlock and stuff. Also, have a pin code to turn off the device...

Pietro
On a related note about find my iphone, doesn't Find my iPhone use cellular data to get it's location? So preventing someone from turning off iphone when locked would be pointless. All the would be thief has to do is pop out the SIM card and the stolen iphone loses connectivity unless the phone is somehow connected via free wifi.
liteshow is offline   2 Reply With Quote
Old Jan 16, 2013, 01:51 PM   #9
pmontanarella
macrumors 6502
 
Join Date: Oct 2012
Location: Rio de Janeiro, Brazil
Quote:
Originally Posted by liteshow View Post
On a related note about find my iphone, doesn't Find my iPhone use cellular data to get it's location? So preventing someone from turning off iphone when locked would be pointless. All the would be thief has to do is pop out the SIM card and the stolen iphone loses connectivity unless the phone is somehow connected via free wifi.
Good point, I hadn't considered that

Pietro
pmontanarella is offline   2 Reply With Quote
Old Jan 16, 2013, 01:55 PM   #10
Mlrollin91
macrumors 68020
 
Join Date: Nov 2008
Location: Ventura
Quote:
Originally Posted by liteshow View Post
On a related note about find my iphone, doesn't Find my iPhone use cellular data to get it's location? So preventing someone from turning off iphone when locked would be pointless. All the would be thief has to do is pop out the SIM card and the stolen iphone loses connectivity unless the phone is somehow connected via free wifi.
Never thought about that either. Well it wouldn't be a problem for the CDMA version, but GSM would definitely have a problem. Regardless I feel Apple needs to really address this issue because it really does make Find My iPhone completely pointless if there are so many works around it.
Mlrollin91 is offline   1 Reply With Quote
Old Jan 16, 2013, 02:27 PM   #11
S1RiOS
Thread Starter
macrumors newbie
 
Join Date: Jan 2013
Do you think that to fix it Apple will delay the 6.1 official release? I look forward the new iOS because I read that the untethered jailbreak will come at the same time.

Last edited by S1RiOS; Jan 16, 2013 at 03:25 PM.
S1RiOS is offline   1 Reply With Quote
Old Jan 16, 2013, 04:59 PM   #12
robbyg
macrumors newbie
 
Join Date: Jan 2013
Find my iPhone is really a mess. It needs these two fixes.

1) It should have been integrated into the ios like the weather app or any of the others, that way it could not be removed and it should have no Off mode, that should be something that can only be done on the net when you log into the account.

2) It should have worked with the phones serial number or CID so that once you register it the phone remains trackable by you and only you, unless you decide to login into Apple and release the number when your selling or giving away the phone.

If those two things where done it would not matter what the thief did because sooner or later he will have a Sim in the phone or wifi connected and Pow you know exactly where he is and if you can't get your phone back because he's in Nigeria, etc. You will still be able to remotely wipe his phone every week or so just to piss him off.
robbyg is offline   5 Reply With Quote
Old Jan 16, 2013, 05:05 PM   #13
scaredpoet
macrumors 603
 
scaredpoet's Avatar
 
Join Date: Apr 2007
Quote:
Originally Posted by S1RiOS View Post
Do you think that to fix it Apple will delay the 6.1 official release? I look forward the new iOS because I read that the untethered jailbreak will come at the same time.
Depends on what the flaw is and whether it lives up to the hype you're giving it.
__________________
If you're not a clairvoyant, then you shouldn't be speaking for a dead guy.
I'm here to talk about Apple stuff, and related tech stuff. Your political beliefs? I really couldn't care less about.
scaredpoet is offline   1 Reply With Quote
Old Jan 16, 2013, 05:10 PM   #14
mikeydeezy
macrumors 6502a
 
Join Date: Jun 2010
Location: MN, USA
Quote:
Originally Posted by robbyg View Post
You will still be able to remotely wipe his phone every week or so just to piss him off.

Man I'd torment the thief with this. Go an extra week between wipes to give them false hope and wipe it again.
__________________
Ordered: T-Mobile iPhone 6 Plus Gold 128GB
Date: 11/14/2014 @ 4PM
Shipped on: 11/17/2014
mikeydeezy is offline   5 Reply With Quote
Old Jan 16, 2013, 05:19 PM   #15
robbyg
macrumors newbie
 
Join Date: Jan 2013
Quote:
Originally Posted by mikeydeezy View Post
Man I'd torment the thief with this. Go an extra week between wipes to give them false hope and wipe it again.
Oh it would be so cool to be able to make him miserable, it might make him go out and go after the guy who sold him your phone. At the very least iPhones would become one of the least desirable phones to steal.
robbyg is offline   2 Reply With Quote
Old Jan 16, 2013, 05:20 PM   #16
seble
macrumors 6502a
 
Join Date: Sep 2010
Quote:
Originally Posted by pmontanarella View Post
I agree,

That is a huge security flaw, it really makes Find my iPhone pointless... Hope Apple changes that in the future. Also it would be cool if you could password protect only certain apps. For example password protect settings to Find my iPhone can't be turned off, by keep the iPhone itself without a pin code, so it's faster to unlock and stuff. Also, have a pin code to turn off the device...

Pietro
I agree with you about the password thing. I mean heck, the mac is able to ask you for an admin password when another user is logged in and you want to shutdown, so why not require a shutdown passcode for ios devices (make it a voluntary feature of course cause not everyone would want this). Then just make sure that hard reset is only able to restart the phone, that way, it will always be 'on'.
seble is offline   1 Reply With Quote
Old Jan 16, 2013, 05:26 PM   #17
wrkactjob
Banned
 
Join Date: Feb 2008
Location: London
Quote:
Originally Posted by S1RiOS View Post
This simple and easy to pull off trick allows for an attacker to bypass an iPhone's pass code and obtain full access (see and edit) to contacts list, list of recent calls, favorite contacts, and even make a call to any phone number on the hacked device and erase the log.
Should I shut up? or should I publish the trick for the iPhone users are prevented?
Hay Newbie, you can not be serious!
wrkactjob is offline   5 Reply With Quote
Old Jan 16, 2013, 05:28 PM   #18
Eric374
macrumors 6502
 
Join Date: Sep 2006
Location: Wichita, Kansas
Quote:
Originally Posted by Mlrollin91 View Post
Never thought about that either. Well it wouldn't be a problem for the CDMA version, but GSM would definitely have a problem. Regardless I feel Apple needs to really address this issue because it really does make Find My iPhone completely pointless if there are so many works around it.
Pop out the sim on my Verizon 5 and I get a big "NO SERVICE", so CDMA doesn't matter either.
__________________
Sometimes the public school system really pisses me off......
Eric374 is offline   1 Reply With Quote
Old Jan 16, 2013, 05:30 PM   #19
TSX
macrumors 68030
 
TSX's Avatar
 
Join Date: Oct 2008
Location: Texas
Why not give it to some JB devs for a future jailbreak. They need it.
__________________
| Colt 6920 | P226 | P228 | G19 | S&W 422 |
TSX is offline   1 Reply With Quote
Old Jan 16, 2013, 05:35 PM   #20
C DM
macrumors G5
 
Join Date: Oct 2011
Quote:
Originally Posted by S1RiOS View Post
This simple and easy to pull off trick allows for an attacker to bypass an iPhone's pass code and obtain full access (see and edit) to contacts list, list of recent calls, favorite contacts, and even make a call to any phone number on the hacked device and erase the log.
Should I shut up? or should I publish the trick for the iPhone users are prevented?
Is it really a (security) flaw or perhaps just some possibly misunderstood yet valid usecase?

Especially when it comes to "simple and easy to pull off trick[s]", far too many times people have mentioned security flaws and it simply turned out to be nothing more than a misunderstanding or a particular phone/app configuration of some sort, and certainly not a flaw, let alone a (major) security one.
C DM is offline   1 Reply With Quote
Old Jan 16, 2013, 06:02 PM   #21
aPple nErd
macrumors 68020
 
aPple nErd's Avatar
 
Join Date: Feb 2012
Location: Jailbreaks/IOS Hacks
Quote:
Originally Posted by s1rios View Post
this simple and easy to pull off trick allows for an attacker to bypass an iphone's pass code and obtain full access (see and edit) to contacts list, list of recent calls, favorite contacts, and even make a call to any phone number on the hacked device and erase the log.
Should i shut up? Or should i publish the trick for the iphone users are prevented?
absolutely do not notifupy apple, contact the jb team first!!!!!!!!!
__________________
iPhone 6 space grey, iPhone 5 White/Silver, iPod Tough 5 Blue, iPad 3 White, iPod Touch 4 White -- All Jailbroken
iMac Mid 2011 21.5"
aPple nErd is offline   1 Reply With Quote
Old Jan 16, 2013, 06:58 PM   #22
Mlrollin91
macrumors 68020
 
Join Date: Nov 2008
Location: Ventura
Quote:
Originally Posted by Eric374 View Post
Pop out the sim on my Verizon 5 and I get a big "NO SERVICE", so CDMA doesn't matter either.
Really? I didn't know that. I thought the sim card slot was only used in a CDMA phone for "world phone" purposes. Well then that makes Find My iPhone even more pointless...
Mlrollin91 is offline   1 Reply With Quote
Old Jan 16, 2013, 07:05 PM   #23
dictoresno
macrumors 68020
 
dictoresno's Avatar
 
Join Date: Apr 2012
Location: NJ
Quote:
Originally Posted by Mlrollin91 View Post
Really? I didn't know that. I thought the sim card slot was only used in a CDMA phone for "world phone" purposes. Well then that makes Find My iPhone even more pointless...
LTE is based on GSM technology, which requires network authentication using a SIM. so they have integrated its need into the iphone 5. without it, it will render even the CDMA side useless.
__________________
Verizon iPhone 6, 128GB Space Grey
iPad Mini 16GB Black, iPad 1 32 GB Black
iPod Touch 4th Generation 64GB Black
dictoresno is offline   1 Reply With Quote
Old Jan 16, 2013, 07:17 PM   #24
Brandon0448
macrumors regular
 
Join Date: Aug 2011
Location: Wasilla, Alaska
Find my iPhone will never be perfect, I always thought it was more for a lost device than a stolen one. Like the saying goes a lock only keeps an honest man out. If a thief wants your stuff and is motivated enough they will get it and there is nothing you can do about it. It is the sad truth.

-Brandon
__________________
2011 13" Macbook Air i7 256g / iPhone 5 64GB / iPad 3 64GB / ATV2
Brandon0448 is offline   3 Reply With Quote
Old Jan 16, 2013, 07:18 PM   #25
Starrbuck
macrumors regular
 
Join Date: Jun 2010
If he's got 6.1, isn't that a beta, and that would mean he's a developer, right? I would think Apple makes it clear how they report bugs.
__________________
Some of you really need to get a life.
Starrbuck is offline   1 Reply With Quote

Reply
MacRumors Forums > iPhone, iPod and iPad > iPhone

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Resolved: iPhone 5s / iOS 7 security flaw ctross iPhone 2 Sep 24, 2013 05:12 AM
Major security flaw! gurbinav iOS 7 14 Sep 20, 2013 11:41 AM
New iPhone Passcode Security Flaw Discovered in iOS 6.1.3 MacRumors iOS Blog Discussion 92 Mar 25, 2013 05:42 PM
Major iOS security flaw. CylonGlitch iOS 6 21 Feb 16, 2013 03:47 AM
I think I have found a major security flaw with the firmware password feature kevinsa OS X 10.8 Mountain Lion 8 Sep 2, 2012 02:08 PM

Forum Jump

All times are GMT -5. The time now is 08:47 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC