New iPhone Passcode Security Flaw Discovered in iOS 6.1.3

[MacRumors]

Following yesterday's release of iOS 6.1.3, which fixed two bugs allowing the iPhone's passcode lock to be bypassed, another passcode security flaw has been discovered.

The vulnerability, which only affects the iPhone 4, involves the Voice Dial command, as demonstrated in the video below from YouTube user videosdebarraquito.

iPhoneinCanada tested the method in the video using an iPhone 4 running iOS 6.1.3 and found that the security flaw does indeed exist, giving a potential intruder access to both contacts and photos.

Like the previous passcode vulnerability, the current hack involves a complicated set of steps that includes initiating Voice Dial command and quickly ejecting the phone's SIM card.

When the SIM card is removed, the phone opens the recent call log, which gives access to the contact list. In the contact list, adding a photo also gives access to all of the pictures on the device.

The previous passcode vulnerability was discovered in mid-February, and it took Apple more than a month to push a fix. An update for the current bypass could follow a similar timeline, but the vulnerability can be fixed by disabling Voice Dial from the Passcode Lock menu.

At this time, the vulnerability has only been shown to work with the iPhone 4. We were unable to reproduce the results with an iPhone 5 with Siri disabled, though the bug may potentially affect the pre-Siri iPhone 3GS as well.

Update 1:07 PM: iPhoneBlog.de reports that it has reproduced the issue on an iPhone 5 with Siri disabled, although we have still been unable to do so.

Article Link: New iPhone Passcode Security Flaw Discovered in iOS 6.1.3

[ZacNicholson]

wow that was fast

[iGuardian]

This is ridiculous. I understand that this is insecure but who the hell comes up with such an elaborate way to access just your phone and photos? Your phone's still safe from the average Joe.

[EmbraceTheOne]

I don't see the big deal in this...

[Radio]

Meh who cares

[MattMJB0188]

Does anyone even use the iPhone 4 anymore?

[troop231]

Wow, who figures this stuff out?

What's next? Stand on your head, rub your stomach while ejecting the SIM 3 times with 1.5 second pauses in between each one.

[anberlinairlift]

I'm just glad that Macrumors posted this. Complicated as it is, we want to make sure that criminals everywhere with stolen iPhone 4's will have no trouble accessing them.

/sarcasm

[lunaoso]

Quote:

Originally Posted by MattMJB0188

Does anyone even use the iPhone 4 anymore?

It's crazy but people still even buy them. And then they complain that it's too slow.

[roxxette]

Quote:

Originally Posted by troop231

Wow, who figures this stuff out?

What's next? Stand on your head, rub your stomach while ejecting the SIM 3 times with 1.5 second pauses in between each one.

Hahaha was thinking the same thing, dont kmow how they figure this stuff out !

[WatchTheThrone]

So expect 6.1.4 next week lol and 6.1.5 the week after that and so on and so forth....

[jmcrutch]

Are they using code to figure these out or is someone that bored that they'll employ the trial and error method? There must be a million different possible combinations of things you can try together, literally, in order to discover such a vulnerability.

[M-O]

perhaps they can fix this security hole by replacing the voice control feature on iPhone 4 with Siri.

...just a thought.

[Idgit]

Not sure if you're joking or not. In Canada, we have 3-year contracts so many of us are still using the iPhone 4. My contract doesn't expire until this August.

Quote:

Originally Posted by MattMJB0188

Does anyone even use the iPhone 4 anymore?

[jmcrutch]

Up down up down left right left right B A start ...

[joelvega125]

the people who figure out this crap are idiots. If I lose my phone I'm effed anyway. The old "voice dial paperclip sim tray pop out" trick will be the least of my worries.

[RenoG]

Yeah and thank you for putting the wonderful new quick and easy how-to out for all to see on bypassing the passcode. Now every savy iphone thief and hacker can go back to business as usual.

[goobot]

Wouldn't this effect the 3GS as well considering it has the same type voice control?

[M-O]

Quote:

Originally Posted by lunaoso

It's crazy but people still even buy them. And then they complain that it's too slow.

I just got one a few months ago (second hand). I don't feel it's too slow. Sure, it's slower than iPhone 5, but it's plenty fast for me.

still, if i were going to buy one on contract i'd definitely go with the 5.

[troop231]

Quote:

Originally Posted by jmcrutch

Up down up down left right left right B A start ...

http://www.youtube.com/watch?feature...7n2AJj4#t=400s

[tevion5]

Quote:

Originally Posted by MattMJB0188

Does anyone even use the iPhone 4 anymore?

Millions

[PinoyAko]

iPhone 4 has a Siri?

[RenoG]

Quote:

Originally Posted by MattMJB0188

Does anyone even use the iPhone 4 anymore?

Iphones don't suddenly expire when a new comes out you know...My wife has a 4 and it works perfectly, she has absolutely no desire or need whatsoever to upgrade..for what!

[PinoyAko]

Quote:

Originally Posted by troop231

Wow, who figures this stuff out?

What's next? Stand on your head, rub your stomach while ejecting the SIM 3 times with 1.5 second pauses in between each one.

Excuse me, 2.3 seconds not 1.5 seconds.

[iMikeT]

Who used Voice Command before Siri?