Go Back   MacRumors Forums > News and Article Discussion > iOS Blog Discussion

Reply
 
Thread Tools Search this Thread Display Modes
Old Mar 20, 2013, 02:18 PM   #1
MacRumors
macrumors bot
 
Join Date: Apr 2001
New iPhone Passcode Security Flaw Discovered in iOS 6.1.3




Following yesterday's release of iOS 6.1.3, which fixed two bugs allowing the iPhone's passcode lock to be bypassed, another passcode security flaw has been discovered.

The vulnerability, which only affects the iPhone 4, involves the Voice Dial command, as demonstrated in the video below from YouTube user videosdebarraquito.

iPhoneinCanada
tested the method in the video using an iPhone 4 running iOS 6.1.3 and found that the security flaw does indeed exist, giving a potential intruder access to both contacts and photos.

Like the previous passcode vulnerability, the current hack involves a complicated set of steps that includes initiating Voice Dial command and quickly ejecting the phone's SIM card.

When the SIM card is removed, the phone opens the recent call log, which gives access to the contact list. In the contact list, adding a photo also gives access to all of the pictures on the device.

The previous passcode vulnerability was discovered in mid-February, and it took Apple more than a month to push a fix. An update for the current bypass could follow a similar timeline, but the vulnerability can be fixed by disabling Voice Dial from the Passcode Lock menu.

At this time, the vulnerability has only been shown to work with the iPhone 4. We were unable to reproduce the results with an iPhone 5 with Siri disabled, though the bug may potentially affect the pre-Siri iPhone 3GS as well.

Update 1:07 PM: iPhoneBlog.de reports that it has reproduced the issue on an iPhone 5 with Siri disabled, although we have still been unable to do so.

Article Link: New iPhone Passcode Security Flaw Discovered in iOS 6.1.3
MacRumors is offline   0 Reply With Quote
Old Mar 20, 2013, 02:18 PM   #2
ZacNicholson
macrumors 6502a
 
ZacNicholson's Avatar
 
Join Date: Jun 2011
Location: Indiana
Send a message via Skype™ to ZacNicholson
wow that was fast
__________________
follow me on twitter @zac_nicholson
watch my youtube www.youtube.com/mrzacnicholson
2011 13" MBP, iPhone 4 (jailbroken), iPad 3 32 GB Verizon(jailbroken), Apple tv 2(jailbroken)
ZacNicholson is offline   4 Reply With Quote
Old Mar 20, 2013, 02:22 PM   #3
iGuardian
macrumors 6502a
 
iGuardian's Avatar
 
Join Date: Aug 2008
Location: The Best Place on Earth™
This is ridiculous. I understand that this is insecure but who the hell comes up with such an elaborate way to access just your phone and photos? Your phone's still safe from the average Joe.
iGuardian is offline   8 Reply With Quote
Old Mar 20, 2013, 02:22 PM   #4
EmbraceTheOne
macrumors 6502a
 
EmbraceTheOne's Avatar
 
Join Date: Aug 2011
I don't see the big deal in this...
__________________
13" Aluminum Macbook Pro. 2.7ghz 8GB Ram.
iPhone 4S Black 16GB
EmbraceTheOne is offline   1 Reply With Quote
Old Mar 20, 2013, 02:22 PM   #5
Radio
In Time-Out
 
Join Date: Mar 2012
Location: Central California
Meh who cares
Radio is offline   1 Reply With Quote
Old Mar 20, 2013, 02:25 PM   #6
MattMJB0188
macrumors 65816
 
MattMJB0188's Avatar
 
Join Date: Dec 2009
Location: California
Does anyone even use the iPhone 4 anymore?
MattMJB0188 is offline   3 Reply With Quote
Old Mar 20, 2013, 02:25 PM   #7
troop231
macrumors 601
 
troop231's Avatar
 
Join Date: Jan 2010
Wow, who figures this stuff out?

What's next? Stand on your head, rub your stomach while ejecting the SIM 3 times with 1.5 second pauses in between each one.

troop231 is offline   28 Reply With Quote
Old Mar 20, 2013, 02:27 PM   #8
anberlinairlift
macrumors member
 
Join Date: Nov 2010
Location: Charlotte Hall, MD
I'm just glad that Macrumors posted this. Complicated as it is, we want to make sure that criminals everywhere with stolen iPhone 4's will have no trouble accessing them.

/sarcasm
__________________
 15" MacBook Pro (2.53 GHz, Mid 2009)  64GB iPhone 5S
anberlinairlift is offline   8 Reply With Quote
Old Mar 20, 2013, 02:27 PM   #9
lunaoso
macrumors 65816
 
lunaoso's Avatar
 
Join Date: Sep 2012
Location: New England, USA
Quote:
Originally Posted by MattMJB0188 View Post
Does anyone even use the iPhone 4 anymore?
It's crazy but people still even buy them. And then they complain that it's too slow.
lunaoso is offline   0 Reply With Quote
Old Mar 20, 2013, 02:27 PM   #10
roxxette
Banned
 
Join Date: Aug 2011
Quote:
Originally Posted by troop231 View Post
Wow, who figures this stuff out?

What's next? Stand on your head, rub your stomach while ejecting the SIM 3 times with 1.5 second pauses in between each one.

Hahaha was thinking the same thing, dont kmow how they figure this stuff out !
roxxette is offline   2 Reply With Quote
Old Mar 20, 2013, 02:27 PM   #11
WatchTheThrone
macrumors regular
 
Join Date: Aug 2011
So expect 6.1.4 next week lol and 6.1.5 the week after that and so on and so forth....
WatchTheThrone is offline   0 Reply With Quote
Old Mar 20, 2013, 02:27 PM   #12
jmcrutch
macrumors regular
 
Join Date: Jul 2010
Are they using code to figure these out or is someone that bored that they'll employ the trial and error method? There must be a million different possible combinations of things you can try together, literally, in order to discover such a vulnerability.
jmcrutch is offline   3 Reply With Quote
Old Mar 20, 2013, 02:28 PM   #13
M-O
macrumors 6502
 
Join Date: Mar 2011
perhaps they can fix this security hole by replacing the voice control feature on iPhone 4 with Siri.

...just a thought.
M-O is offline   3 Reply With Quote
Old Mar 20, 2013, 02:29 PM   #14
Idgit
macrumors 6502
 
Join Date: Mar 2004
Not sure if you're joking or not. In Canada, we have 3-year contracts so many of us are still using the iPhone 4. My contract doesn't expire until this August.

Quote:
Originally Posted by MattMJB0188 View Post
Does anyone even use the iPhone 4 anymore?
Idgit is offline   9 Reply With Quote
Old Mar 20, 2013, 02:29 PM   #15
jmcrutch
macrumors regular
 
Join Date: Jul 2010
Up down up down left right left right B A start ...
jmcrutch is offline   12 Reply With Quote
Old Mar 20, 2013, 02:30 PM   #16
joelvega125
macrumors regular
 
Join Date: Jun 2010
the people who figure out this crap are idiots. If I lose my phone I'm effed anyway. The old "voice dial paperclip sim tray pop out" trick will be the least of my worries.
joelvega125 is offline   0 Reply With Quote
Old Mar 20, 2013, 02:30 PM   #17
RenoG
macrumors 65816
 
Join Date: Oct 2010
Yeah and thank you for putting the wonderful new quick and easy how-to out for all to see on bypassing the passcode. Now every savy iphone thief and hacker can go back to business as usual.
RenoG is offline   2 Reply With Quote
Old Mar 20, 2013, 02:31 PM   #18
goobot
macrumors 601
 
goobot's Avatar
 
Join Date: Jun 2009
Location: long island NY
Wouldn't this effect the 3GS as well considering it has the same type voice control?
goobot is offline   2 Reply With Quote
Old Mar 20, 2013, 02:31 PM   #19
M-O
macrumors 6502
 
Join Date: Mar 2011
Quote:
Originally Posted by lunaoso View Post
It's crazy but people still even buy them. And then they complain that it's too slow.
I just got one a few months ago (second hand). I don't feel it's too slow. Sure, it's slower than iPhone 5, but it's plenty fast for me.

still, if i were going to buy one on contract i'd definitely go with the 5.
M-O is offline   1 Reply With Quote
Old Mar 20, 2013, 02:32 PM   #20
troop231
macrumors 601
 
troop231's Avatar
 
Join Date: Jan 2010
Quote:
Originally Posted by jmcrutch View Post
Up down up down left right left right B A start ...
http://www.youtube.com/watch?feature...7n2AJj4#t=400s

troop231 is offline   0 Reply With Quote
Old Mar 20, 2013, 02:33 PM   #21
tevion5
macrumors 6502a
 
tevion5's Avatar
 
Join Date: Jul 2011
Location: Ireland
Quote:
Originally Posted by MattMJB0188 View Post
Does anyone even use the iPhone 4 anymore?
Millions
tevion5 is offline   11 Reply With Quote
Old Mar 20, 2013, 02:34 PM   #22
PinoyAko
macrumors 6502
 
Join Date: Nov 2012
iPhone 4 has a Siri?
PinoyAko is offline   0 Reply With Quote
Old Mar 20, 2013, 02:35 PM   #23
RenoG
macrumors 65816
 
Join Date: Oct 2010
Quote:
Originally Posted by MattMJB0188 View Post
Does anyone even use the iPhone 4 anymore?
Iphones don't suddenly expire when a new comes out you know...My wife has a 4 and it works perfectly, she has absolutely no desire or need whatsoever to upgrade..for what!
RenoG is offline   9 Reply With Quote
Old Mar 20, 2013, 02:35 PM   #24
PinoyAko
macrumors 6502
 
Join Date: Nov 2012
Quote:
Originally Posted by troop231 View Post
Wow, who figures this stuff out?

What's next? Stand on your head, rub your stomach while ejecting the SIM 3 times with 1.5 second pauses in between each one.


Excuse me, 2.3 seconds not 1.5 seconds.
PinoyAko is offline   0 Reply With Quote
Old Mar 20, 2013, 02:36 PM   #25
iMikeT
macrumors 68020
 
Join Date: Jul 2006
Location: California
Who used Voice Command before Siri?
iMikeT is offline   0 Reply With Quote

Reply
MacRumors Forums > News and Article Discussion > iOS Blog Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
iOS 7 Security Flaw Leaves Stored Email Attachments Unencrypted [Updated] MacRumors MacRumors.com News Discussion 130 May 8, 2014 03:41 PM
Alleged iOS Security Flaw Enables Malicious Apps to Secretly Log User Touch Inputs MacRumors MacRumors.com News Discussion 127 Feb 26, 2014 05:44 PM
Resolved: iPhone 5s / iOS 7 security flaw ctross iPhone 2 Sep 24, 2013 04:12 AM
Major iOS security flaw. CylonGlitch iOS 6 21 Feb 16, 2013 02:47 AM
I have just discovered a major security flaw in iOS 6.1 S1RiOS iPhone 71 Feb 15, 2013 10:20 AM

Forum Jump

All times are GMT -5. The time now is 01:28 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC