I have just discovered a major security flaw in iOS 6.1

Discussion in 'iPhone' started by S1RiOS, Jan 16, 2013.

  1. macrumors newbie

    Joined:
    Jan 16, 2013
    #1
    This simple and easy to pull off trick allows for an attacker to bypass an iPhone's pass code and obtain full access (see and edit) to contacts list, list of recent calls, favorite contacts, and even make a call to any phone number on the hacked device and erase the log.
    Should I shut up? or should I publish the trick for the iPhone users are prevented?
     
  2. Moderator

    SandboxGeneral

    Staff Member

    Joined:
    Sep 8, 2010
    Location:
    Detroit, Michigan
    #2
    If you're serious, you should keep it to yourself and notify Apple.
     
  3. macrumors 68020

    Mlrollin91

    Joined:
    Nov 20, 2008
    Location:
    Ventura
    #3
    How exactly is that a major security flaw? So they have access to the phone? I think a larger flaw is being able to turn off the phone when locked, therefore Find My iPhone does not work and the potential for it to be restored and never found.
     
  4. macrumors 68000

    r2shyyou

    Joined:
    Oct 3, 2010
    Location:
    Paris, France
    #4
    Since iOS 6.1 is still in beta, you should obviously contact Apple. Relatively few users would be able to take steps to prevent this supposed flaw since relatively few users have 6.1.

    If it comes out and the flaw is still present, then you may want to consider publishing it.
     
  5. thread starter macrumors newbie

    Joined:
    Jan 16, 2013
    #5
    Thanks friends, the flaw is also present in iOS 6.0.1 and 6.0.2 I have 10B5126b 6.1 but I'm not developer, I do not know how to inform to Apple, I hope Apple is reading this and contact me.
     
  6. macrumors 68000

    r2shyyou

    Joined:
    Oct 3, 2010
    Location:
    Paris, France
    #6
    This is the most direct way to contact Apple.
     
  7. macrumors 6502

    Joined:
    Oct 12, 2012
    Location:
    Rio de Janeiro, Brazil
    #7
    I agree,

    That is a huge security flaw, it really makes Find my iPhone pointless... Hope Apple changes that in the future. Also it would be cool if you could password protect only certain apps. For example password protect settings to Find my iPhone can't be turned off, by keep the iPhone itself without a pin code, so it's faster to unlock and stuff. Also, have a pin code to turn off the device...

    Pietro
     
  8. macrumors regular

    Joined:
    Sep 20, 2012
    #8
    On a related note about find my iphone, doesn't Find my iPhone use cellular data to get it's location? So preventing someone from turning off iphone when locked would be pointless. All the would be thief has to do is pop out the SIM card and the stolen iphone loses connectivity unless the phone is somehow connected via free wifi.
     
  9. macrumors 6502

    Joined:
    Oct 12, 2012
    Location:
    Rio de Janeiro, Brazil
    #9
    Good point, I hadn't considered that

    Pietro
     
  10. macrumors 68020

    Mlrollin91

    Joined:
    Nov 20, 2008
    Location:
    Ventura
    #10
    Never thought about that either. Well it wouldn't be a problem for the CDMA version, but GSM would definitely have a problem. Regardless I feel Apple needs to really address this issue because it really does make Find My iPhone completely pointless if there are so many works around it.
     
  11. S1RiOS, Jan 16, 2013
    Last edited: Jan 16, 2013

    thread starter macrumors newbie

    Joined:
    Jan 16, 2013
    #11
    Do you think that to fix it Apple will delay the 6.1 official release? I look forward the new iOS because I read that the untethered jailbreak will come at the same time.
     
  12. macrumors newbie

    Joined:
    Jan 15, 2013
    #12
    Find my iPhone is really a mess. It needs these two fixes.

    1) It should have been integrated into the ios like the weather app or any of the others, that way it could not be removed and it should have no Off mode, that should be something that can only be done on the net when you log into the account.

    2) It should have worked with the phones serial number or CID so that once you register it the phone remains trackable by you and only you, unless you decide to login into Apple and release the number when your selling or giving away the phone.

    If those two things where done it would not matter what the thief did because sooner or later he will have a Sim in the phone or wifi connected and Pow you know exactly where he is and if you can't get your phone back because he's in Nigeria, etc. You will still be able to remotely wipe his phone every week or so just to piss him off.
     
  13. macrumors 603

    scaredpoet

    Joined:
    Apr 6, 2007
    #13
    Depends on what the flaw is and whether it lives up to the hype you're giving it.
     
  14. macrumors 6502a

    mikeydeezy

    Joined:
    Jun 15, 2010
    Location:
    MN, USA
    #14

    Man I'd torment the thief with this. Go an extra week between wipes to give them false hope and wipe it again. :mad:
     
  15. macrumors newbie

    Joined:
    Jan 15, 2013
    #15
    Oh it would be so cool to be able to make him miserable, it might make him go out and go after the guy who sold him your phone. At the very least iPhones would become one of the least desirable phones to steal.
     
  16. macrumors 6502a

    Joined:
    Sep 6, 2010
    #16
    I agree with you about the password thing. I mean heck, the mac is able to ask you for an admin password when another user is logged in and you want to shutdown, so why not require a shutdown passcode for ios devices (make it a voluntary feature of course cause not everyone would want this). Then just make sure that hard reset is only able to restart the phone, that way, it will always be 'on'.
     
  17. macrumors 65816

    wrkactjob

    Joined:
    Feb 29, 2008
    Location:
    London
    #17
    Hay Newbie, you can not be serious!
     
  18. macrumors 6502

    Eric374

    Joined:
    Sep 25, 2006
    Location:
    Wichita, Kansas
    #18
    Pop out the sim on my Verizon 5 and I get a big "NO SERVICE", so CDMA doesn't matter either.
     
  19. TSX
    macrumors 68030

    TSX

    Joined:
    Oct 1, 2008
    Location:
    Texas
    #19
    Why not give it to some JB devs for a future jailbreak. They need it.
     
  20. macrumors P6

    Joined:
    Oct 17, 2011
    #20
    Is it really a (security) flaw or perhaps just some possibly misunderstood yet valid usecase?

    Especially when it comes to "simple and easy to pull off trick", far too many times people have mentioned security flaws and it simply turned out to be nothing more than a misunderstanding or a particular phone/app configuration of some sort, and certainly not a flaw, let alone a (major) security one.
     
  21. macrumors 68020

    aPple nErd

    Joined:
    Feb 12, 2012
    Location:
    Jailbreaks/IOS Hacks
    #21
    absolutely do not notifupy apple, contact the jb team first!!!!!!!!!
     
  22. macrumors 68020

    Mlrollin91

    Joined:
    Nov 20, 2008
    Location:
    Ventura
    #22
    Really? I didn't know that. I thought the sim card slot was only used in a CDMA phone for "world phone" purposes. Well then that makes Find My iPhone even more pointless...
     
  23. macrumors 68030

    dictoresno

    Joined:
    Apr 30, 2012
    Location:
    NJ
    #23
    LTE is based on GSM technology, which requires network authentication using a SIM. so they have integrated its need into the iphone 5. without it, it will render even the CDMA side useless.
     
  24. macrumors regular

    Brandon0448

    Joined:
    Aug 2, 2011
    Location:
    Wasilla, Alaska
    #24
    Find my iPhone will never be perfect, I always thought it was more for a lost device than a stolen one. Like the saying goes a lock only keeps an honest man out. If a thief wants your stuff and is motivated enough they will get it and there is nothing you can do about it. It is the sad truth.

    -Brandon
     
  25. macrumors regular

    Joined:
    Jun 8, 2010
    #25
    If he's got 6.1, isn't that a beta, and that would mean he's a developer, right? I would think Apple makes it clear how they report bugs.
     

Share This Page