In association with heise online

15 February 2013, 11:28

iPhone vulnerability allows passcode-free access


A vulnerability exists which permits access to contacts and photos on locked iOS devices without entering the passcode – the technique can also be used to make phone calls. At The H, we were able to reproduce the problem on an iPhone 5 running the current iOS version 6.1.

To bypass the lock, turn on the device, slide the slider right to unlock and then touch the 'emergency call' icon. Hold down the on/off button (at the top right of the iPhone) until the device displays the 'Power off' option. Touch 'Cancel', dial an emergency call number, such as 112, touch the green 'call' icon and then immediately hang up.

Now turn the device off and on, operate the slider to unlock the device and then hold down the on/off button. Now for the tricky bit – after about three seconds, and just before the 'Power off' option is displayed, touch 'Emergency call' while continuing to hold down the on/off button.

The video that brought the passcode flaw to the attention of the world.

You may need a few tries to get this to work. If your timing is right, this opens the contacts list, which can be accessed as required as long as you continue to hold down the on/off button. From the contacts list, it is possible to make phone calls and even, by creating a new contact and clicking on 'Add photo', to access the photo gallery. All access, though, is through the contacts list; there is no access to, for example, email or games.

Tricks for bypassing the passcode lock using the emergency call function have been discovered on previous iOS versions, including 2.0.2 and 4.1. The tricks involved in previous cases were somewhat simpler and the vulnerabilities were always rapidly patched.

Apple told All Things D: "We are aware of this issue, and will deliver a fix in a future software update," though it gave no date as to when to expect that update. Apple also has an outstanding issue with Exchange services, where the iPhone's Exchange connector can overload Exchange servers.

