Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

I have just discovered a major security flaw in iOS 6.1

S

S1RiOS

macrumors newbie
Original poster
Jan 16, 2013
7
0
This simple and easy to pull off trick allows for an attacker to bypass an iPhone's pass code and obtain full access (see and edit) to contacts list, list of recent calls, favorite contacts, and even make a call to any phone number on the hacked device and erase the log.
Should I shut up? or should I publish the trick for the iPhone users are prevented?
 
S1RiOS said:
This simple and easy to pull off trick allows for an attacker to bypass an iPhone's pass code and obtain full access (see and edit) to contacts list, list of recent calls, favorite contacts, and even make a call to any phone number on the hacked device and erase the log.
Should I shut up? or should I publish the trick for the iPhone users are prevented?
Click to expand...

If you're serious, you should keep it to yourself and notify Apple.
 
S1RiOS said:
This simple and easy to pull off trick allows for an attacker to bypass an iPhone's pass code and obtain full access (see and edit) to contacts list, list of recent calls, favorite contacts, and even make a call to any phone number on the hacked device and erase the log.
Should I shut up? or should I publish the trick for the iPhone users are prevented?
Click to expand...

How exactly is that a major security flaw? So they have access to the phone? I think a larger flaw is being able to turn off the phone when locked, therefore Find My iPhone does not work and the potential for it to be restored and never found.
 
S1RiOS said:
This simple and easy to pull off trick allows for an attacker to bypass an iPhone's pass code and obtain full access (see and edit) to contacts list, list of recent calls, favorite contacts, and even make a call to any phone number on the hacked device and erase the log.
Should I shut up? or should I publish the trick for the iPhone users are prevented?
Click to expand...

Since iOS 6.1 is still in beta, you should obviously contact Apple. Relatively few users would be able to take steps to prevent this supposed flaw since relatively few users have 6.1.

If it comes out and the flaw is still present, then you may want to consider publishing it.
 
Thanks friends, the flaw is also present in iOS 6.0.1 and 6.0.2 I have 10B5126b 6.1 but I'm not developer, I do not know how to inform to Apple, I hope Apple is reading this and contact me.
 
Mlrollin91 said:
I think a larger flaw is being able to turn off the phone when locked, therefore Find My iPhone does not work and the potential for it to be restored and never found.
Click to expand...

I agree,

That is a huge security flaw, it really makes Find my iPhone pointless... Hope Apple changes that in the future. Also it would be cool if you could password protect only certain apps. For example password protect settings to Find my iPhone can't be turned off, by keep the iPhone itself without a pin code, so it's faster to unlock and stuff. Also, have a pin code to turn off the device...

Pietro
 
pmontanarella said:
I agree,

That is a huge security flaw, it really makes Find my iPhone pointless... Hope Apple changes that in the future. Also it would be cool if you could password protect only certain apps. For example password protect settings to Find my iPhone can't be turned off, by keep the iPhone itself without a pin code, so it's faster to unlock and stuff. Also, have a pin code to turn off the device...

Pietro
Click to expand...

On a related note about find my iphone, doesn't Find my iPhone use cellular data to get it's location? So preventing someone from turning off iphone when locked would be pointless. All the would be thief has to do is pop out the SIM card and the stolen iphone loses connectivity unless the phone is somehow connected via free wifi.
 
liteshow said:
On a related note about find my iphone, doesn't Find my iPhone use cellular data to get it's location? So preventing someone from turning off iphone when locked would be pointless. All the would be thief has to do is pop out the SIM card and the stolen iphone loses connectivity unless the phone is somehow connected via free wifi.
Click to expand...

Good point, I hadn't considered that

Pietro
 
liteshow said:
On a related note about find my iphone, doesn't Find my iPhone use cellular data to get it's location? So preventing someone from turning off iphone when locked would be pointless. All the would be thief has to do is pop out the SIM card and the stolen iphone loses connectivity unless the phone is somehow connected via free wifi.
Click to expand...

Never thought about that either. Well it wouldn't be a problem for the CDMA version, but GSM would definitely have a problem. Regardless I feel Apple needs to really address this issue because it really does make Find My iPhone completely pointless if there are so many works around it.
 
Do you think that to fix it Apple will delay the 6.1 official release? I look forward the new iOS because I read that the untethered jailbreak will come at the same time.
 
Last edited:
Find my iPhone is really a mess. It needs these two fixes.

1) It should have been integrated into the ios like the weather app or any of the others, that way it could not be removed and it should have no Off mode, that should be something that can only be done on the net when you log into the account.

2) It should have worked with the phones serial number or CID so that once you register it the phone remains trackable by you and only you, unless you decide to login into Apple and release the number when your selling or giving away the phone.

If those two things where done it would not matter what the thief did because sooner or later he will have a Sim in the phone or wifi connected and Pow you know exactly where he is and if you can't get your phone back because he's in Nigeria, etc. You will still be able to remotely wipe his phone every week or so just to piss him off.
 
S1RiOS said:
Do you think that to fix it Apple will delay the 6.1 official release? I look forward the new iOS because I read that the untethered jailbreak will come at the same time.
Click to expand...

Depends on what the flaw is and whether it lives up to the hype you're giving it.
 
mikeydeezy said:
Man I'd torment the thief with this. Go an extra week between wipes to give them false hope and wipe it again. :mad:
Click to expand...

Oh it would be so cool to be able to make him miserable, it might make him go out and go after the guy who sold him your phone. At the very least iPhones would become one of the least desirable phones to steal.
 
pmontanarella said:
I agree,

That is a huge security flaw, it really makes Find my iPhone pointless... Hope Apple changes that in the future. Also it would be cool if you could password protect only certain apps. For example password protect settings to Find my iPhone can't be turned off, by keep the iPhone itself without a pin code, so it's faster to unlock and stuff. Also, have a pin code to turn off the device...

Pietro
Click to expand...

I agree with you about the password thing. I mean heck, the mac is able to ask you for an admin password when another user is logged in and you want to shutdown, so why not require a shutdown passcode for ios devices (make it a voluntary feature of course cause not everyone would want this). Then just make sure that hard reset is only able to restart the phone, that way, it will always be 'on'.
 
S1RiOS said:
This simple and easy to pull off trick allows for an attacker to bypass an iPhone's pass code and obtain full access (see and edit) to contacts list, list of recent calls, favorite contacts, and even make a call to any phone number on the hacked device and erase the log.
Should I shut up? or should I publish the trick for the iPhone users are prevented?
Click to expand...

Hay Newbie, you can not be serious!
 
Mlrollin91 said:
Never thought about that either. Well it wouldn't be a problem for the CDMA version, but GSM would definitely have a problem. Regardless I feel Apple needs to really address this issue because it really does make Find My iPhone completely pointless if there are so many works around it.
Click to expand...

Pop out the sim on my Verizon 5 and I get a big "NO SERVICE", so CDMA doesn't matter either.
 
S1RiOS said:
This simple and easy to pull off trick allows for an attacker to bypass an iPhone's pass code and obtain full access (see and edit) to contacts list, list of recent calls, favorite contacts, and even make a call to any phone number on the hacked device and erase the log.
Should I shut up? or should I publish the trick for the iPhone users are prevented?
Click to expand...
Is it really a (security) flaw or perhaps just some possibly misunderstood yet valid usecase?

Especially when it comes to "simple and easy to pull off trick", far too many times people have mentioned security flaws and it simply turned out to be nothing more than a misunderstanding or a particular phone/app configuration of some sort, and certainly not a flaw, let alone a (major) security one.
 
s1rios said:
this simple and easy to pull off trick allows for an attacker to bypass an iphone's pass code and obtain full access (see and edit) to contacts list, list of recent calls, favorite contacts, and even make a call to any phone number on the hacked device and erase the log.
Should i shut up? Or should i publish the trick for the iphone users are prevented?
Click to expand...

absolutely do not notifupy apple, contact the jb team first!!!!!!!!!
 
Eric374 said:
Pop out the sim on my Verizon 5 and I get a big "NO SERVICE", so CDMA doesn't matter either.
Click to expand...

Really? I didn't know that. I thought the sim card slot was only used in a CDMA phone for "world phone" purposes. Well then that makes Find My iPhone even more pointless...
 
Mlrollin91 said:
Really? I didn't know that. I thought the sim card slot was only used in a CDMA phone for "world phone" purposes. Well then that makes Find My iPhone even more pointless...
Click to expand...

LTE is based on GSM technology, which requires network authentication using a SIM. so they have integrated its need into the iphone 5. without it, it will render even the CDMA side useless.
 
Find my iPhone will never be perfect, I always thought it was more for a lost device than a stolen one. Like the saying goes a lock only keeps an honest man out. If a thief wants your stuff and is motivated enough they will get it and there is nothing you can do about it. It is the sad truth.

-Brandon
 
If he's got 6.1, isn't that a beta, and that would mean he's a developer, right? I would think Apple makes it clear how they report bugs.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back