New iPhone Passcode Security Flaw Discovered in iOS 6.1.3

Discussion in 'iOS Blog Discussion' started by MacRumors, Mar 20, 2013.

  1. macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    [​IMG]
    Following yesterday's release of iOS 6.1.3, which fixed two bugs allowing the iPhone's passcode lock to be bypassed, another passcode security flaw has been discovered.

    The vulnerability, which only affects the iPhone 4, involves the Voice Dial command, as demonstrated in the video below from YouTube user videosdebarraquito.

    iPhoneinCanada
    tested the method in the video using an iPhone 4 running iOS 6.1.3 and found that the security flaw does indeed exist, giving a potential intruder access to both contacts and photos.

    Like the previous passcode vulnerability, the current hack involves a complicated set of steps that includes initiating Voice Dial command and quickly ejecting the phone's SIM card.

    When the SIM card is removed, the phone opens the recent call log, which gives access to the contact list. In the contact list, adding a photo also gives access to all of the pictures on the device.

    The previous passcode vulnerability was discovered in mid-February, and it took Apple more than a month to push a fix. An update for the current bypass could follow a similar timeline, but the vulnerability can be fixed by disabling Voice Dial from the Passcode Lock menu.

    At this time, the vulnerability has only been shown to work with the iPhone 4. We were unable to reproduce the results with an iPhone 5 with Siri disabled, though the bug may potentially affect the pre-Siri iPhone 3GS as well.

    Update 1:07 PM: iPhoneBlog.de reports that it has reproduced the issue on an iPhone 5 with Siri disabled, although we have still been unable to do so.

    Article Link: New iPhone Passcode Security Flaw Discovered in iOS 6.1.3
     
  2. macrumors 6502a

    ZacNicholson

    Joined:
    Jun 25, 2011
    Location:
    Indiana
    #2
    wow that was fast
     
  3. macrumors 6502a

    iGuardian

    Joined:
    Aug 26, 2008
    #3
    This is ridiculous. I understand that this is insecure but who the hell comes up with such an elaborate way to access just your phone and photos? Your phone's still safe from the average Joe.
     
  4. macrumors 6502a

    EmbraceTheOne

    Joined:
    Aug 26, 2011
    #4
    I don't see the big deal in this...
     
  5. macrumors 68000

    Joined:
    Mar 5, 2012
    Location:
    Central California
    #5
    Meh who cares
     
  6. macrumors 68000

    MattMJB0188

    Joined:
    Dec 28, 2009
    #6
    Does anyone even use the iPhone 4 anymore?
     
  7. macrumors 603

    troop231

    Joined:
    Jan 20, 2010
    #7
    Wow, who figures this stuff out?

    What's next? Stand on your head, rub your stomach while ejecting the SIM 3 times with 1.5 second pauses in between each one.

    :rolleyes:
     
  8. macrumors member

    anberlinairlift

    Joined:
    Nov 16, 2010
    Location:
    Charlotte Hall, MD
    #8
    I'm just glad that Macrumors posted this. Complicated as it is, we want to make sure that criminals everywhere with stolen iPhone 4's will have no trouble accessing them.

    /sarcasm
     
  9. macrumors 65816

    lunaoso

    Joined:
    Sep 22, 2012
    Location:
    New England, USA
    #9
    It's crazy but people still even buy them. And then they complain that it's too slow. :eek:
     
  10. macrumors 68000

    roxxette

    Joined:
    Aug 9, 2011
    #10
    Hahaha was thinking the same thing, dont kmow how they figure this stuff out !
     
  11. macrumors regular

    Joined:
    Aug 2, 2011
    #11
    So expect 6.1.4 next week lol and 6.1.5 the week after that and so on and so forth....
     
  12. macrumors regular

    Joined:
    Jul 27, 2010
    #12
    Are they using code to figure these out or is someone that bored that they'll employ the trial and error method? There must be a million different possible combinations of things you can try together, literally, in order to discover such a vulnerability.
     
  13. M-O
    macrumors 6502a

    M-O

    Joined:
    Mar 15, 2011
    #13
    perhaps they can fix this security hole by replacing the voice control feature on iPhone 4 with Siri.

    ...just a thought.
     
  14. macrumors 6502

    Joined:
    Mar 14, 2004
    #14
    Not sure if you're joking or not. In Canada, we have 3-year contracts so many of us are still using the iPhone 4. My contract doesn't expire until this August.

     
  15. macrumors regular

    Joined:
    Jul 27, 2010
    #15
    Up down up down left right left right B A start ...
     
  16. macrumors regular

    Joined:
    Jun 15, 2010
    #16
    the people who figure out this crap are idiots. If I lose my phone I'm effed anyway. The old "voice dial paperclip sim tray pop out" trick will be the least of my worries.
     
  17. macrumors 65816

    Joined:
    Oct 7, 2010
    #17
    Yeah and thank you for putting the wonderful new quick and easy how-to out for all to see on bypassing the passcode. Now every savy iphone thief and hacker can go back to business as usual.
     
  18. macrumors 601

    goobot

    Joined:
    Jun 26, 2009
    Location:
    long island NY
    #18
    Wouldn't this effect the 3GS as well considering it has the same type voice control?
     
  19. M-O
    macrumors 6502a

    M-O

    Joined:
    Mar 15, 2011
    #19
    I just got one a few months ago (second hand). I don't feel it's too slow. Sure, it's slower than iPhone 5, but it's plenty fast for me.

    still, if i were going to buy one on contract i'd definitely go with the 5.
     
  20. macrumors 603

    troop231

    Joined:
    Jan 20, 2010
    #20
  21. macrumors 65816

    tevion5

    Joined:
    Jul 12, 2011
    Location:
    UCD, Ireland
    #21
    Millions
     
  22. macrumors 6502

    Joined:
    Nov 25, 2012
    #22
    iPhone 4 has a Siri?
     
  23. macrumors 65816

    Joined:
    Oct 7, 2010
    #23
    Iphones don't suddenly expire when a new comes out you know...My wife has a 4 and it works perfectly, she has absolutely no desire or need whatsoever to upgrade..for what!
     
  24. macrumors 6502

    Joined:
    Nov 25, 2012
    #24

    Excuse me, 2.3 seconds not 1.5 seconds.
     
  25. macrumors 68020

    Joined:
    Jul 8, 2006
    Location:
    California
    #25
    Who used Voice Command before Siri?
     

Share This Page