February 2013::iOS 6.1.2 Screen Lock bypass – another Exploit Exposed

After a series of security issues, it appears that Apple still has not been able to resolve all the issues in iOS. Last week, Apple rolled out its iOS 6.1.2 update to owners of the iPhone, iPad and iPod touch in an effort to fix the 3G connectivity and Exchange calendar bugs.

Hackers found an iOS 6 bug two weeks ago that allowed thieves into your phone, but only the Phone app and the features contained within it could be accessed. Shortly after that, another screen lock bypass vulnerability in iOS 6.1 was reported by Vulnerability Lab.

This vulnerability allows users to bypass the lock screen passcode and access the phone's photos and contacts. Researchers say the vulnerable device can be plugged into a computer via USB to access data like voicemails, pictures, contacts, etc.

This particular vulnerability was shared in detail in a YouTube video for the masses.

Steps to Follow:
  1. Connect your device with iTunes and the App Store to make sure the code lock is activated
  2. Push the power button (top|right)
  3. The mobile will be activated and the iOS code lock will be visible
  4. Now, click on the emergency call
  5. Try to dial any random emergency call number from a public listing (we used 911, 110 and 112)
  6. Call the number and cancel the call directly after the dial without a direct connection to the number
  7. Push the power button again and after it push the iPhone button (square) in the middle
  8. In the next step, push the power button for 3 seconds and in the third second also push with one finger the square and with another the emergency call button
  9. After pushing all 3 buttons, take your finger off the square (middle) button and after it off the power button
  10. The display of the iOS will be black (blackscreen)
  11. Take out your USB plug and connect it with the iOS device in black screen mode
  12. All files like photos, contacts and co. will be available directly from the device hard drive without the PIN to access.

Note: There is also a limitation in this method that is not mentioned by the hackers. The iOS file system is encrypted, so when your passcode-protected iPhone is connected to a new computer, it must first be unlocked before the computer can access it. Seamless connectivity is only possible if the computer used to gain access to your file system has been successfully connected to your iPhone before.

It’s not clear if the company is aware of this second flaw or if a fix for it is also inbound.
Credit: Mohit Kumar