|Mar 20, 2013, 02:18 PM||#1|
New iPhone Passcode Security Flaw Discovered in iOS 6.1.3
Following yesterday's release of iOS 6.1.3, which fixed two bugs allowing the iPhone's passcode lock to be bypassed, another passcode security flaw has been discovered.
The vulnerability, which only affects the iPhone 4, involves the Voice Dial command, as demonstrated in the video below from YouTube user videosdebarraquito.
iPhoneinCanada tested the method in the video using an iPhone 4 running iOS 6.1.3 and found that the security flaw does indeed exist, giving a potential intruder access to both contacts and photos.
Like the previous passcode vulnerability, the current hack involves a complicated set of steps that includes initiating Voice Dial command and quickly ejecting the phone's SIM card.
When the SIM card is removed, the phone opens the recent call log, which gives access to the contact list. In the contact list, adding a photo also gives access to all of the pictures on the device.
The previous passcode vulnerability was discovered in mid-February, and it took Apple more than a month to push a fix. An update for the current bypass could follow a similar timeline, but the vulnerability can be fixed by disabling Voice Dial from the Passcode Lock menu.
At this time, the vulnerability has only been shown to work with the iPhone 4. We were unable to reproduce the results with an iPhone 5 with Siri disabled, though the bug may potentially affect the pre-Siri iPhone 3GS as well.
Update 1:07 PM: iPhoneBlog.de reports that it has reproduced the issue on an iPhone 5 with Siri disabled, although we have still been unable to do so.
Article Link: New iPhone Passcode Security Flaw Discovered in iOS 6.1.3
|Mar 20, 2013, 02:22 PM||#3|
This is ridiculous. I understand that this is insecure but who the hell comes up with such an elaborate way to access just your phone and photos? Your phone's still safe from the average Joe.
|Mar 20, 2013, 02:27 PM||#8|
I'm just glad that Macrumors posted this. Complicated as it is, we want to make sure that criminals everywhere with stolen iPhone 4's will have no trouble accessing them.
15" MacBook Pro (2.53 GHz, Mid 2009) 64GB iPhone 5S
|Mar 20, 2013, 02:27 PM||#10|
|Mar 20, 2013, 02:27 PM||#12|
Are they using code to figure these out or is someone that bored that they'll employ the trial and error method? There must be a million different possible combinations of things you can try together, literally, in order to discover such a vulnerability.
|Mar 20, 2013, 02:29 PM||#14|
|Mar 20, 2013, 02:30 PM||#16|
the people who figure out this crap are idiots. If I lose my phone I'm effed anyway. The old "voice dial paperclip sim tray pop out" trick will be the least of my worries.
|Mar 20, 2013, 02:30 PM||#17|
Yeah and thank you for putting the wonderful new quick and easy how-to out for all to see on bypassing the passcode. Now every savy iphone thief and hacker can go back to business as usual.
|Mar 20, 2013, 02:31 PM||#19|
still, if i were going to buy one on contract i'd definitely go with the 5.
|Mar 20, 2013, 02:35 PM||#23|
|Mar 20, 2013, 02:35 PM||#24|
|Thread Tools||Search this Thread|
|thread||Thread Starter||Forum||Replies||Last Post|
|iOS 7 Security Flaw Leaves Stored Email Attachments Unencrypted [Updated]||MacRumors||MacRumors.com News Discussion||130||May 8, 2014 03:41 PM|
|Alleged iOS Security Flaw Enables Malicious Apps to Secretly Log User Touch Inputs||MacRumors||MacRumors.com News Discussion||127||Feb 26, 2014 05:44 PM|
|Resolved: iPhone 5s / iOS 7 security flaw||ctross||iPhone||2||Sep 24, 2013 04:12 AM|
|Major iOS security flaw.||CylonGlitch||iOS 6||21||Feb 16, 2013 02:47 AM|
|I have just discovered a major security flaw in iOS 6.1||S1RiOS||iPhone||71||Feb 15, 2013 10:20 AM|
All times are GMT -5. The time now is 10:34 PM.