PasscodeIt’s getting hard to keep track of all the bugs piling up for Apple’s iPhone. Now it seems a glitch in the iOS kernel of Apple’s much maligned iOS 6.1 is responsible for yet another passcode bypass vulnerability, the second to surface this month. Attackers can apparently access users’ photos, contacts and more by following a series of steps on an iPhone running iOS 6.1.

The vulnerability was detailed in a post on the Full Disclosure mailing list late last week by Benjamin Kunz Mejri, founder and CEO of Vulnerability Lab.

Similar to the iPhone’s passcode vulnerability, the exploit involves manipulating the phone’s screenshot function, its emergency call function and its power button. Users can make an emergency call (911 for example) on the phone and then cancel it while toggling the power on and off to get temporary access to the phone. A video posted by the group shows a user flipping through the phone’s voicemail list and contacts list while holding down the power button. From there an attacker could get the phone’s screen to turn black before it can be connected to a computer via a USB cord. The device’s photos, contacts and more “will be available directly from the device hard drive without the pin to access,” according to the advisory.

The first half of the exploit borrows heavily from last week’s vulnerability – and the Lab notes this in the caption of the video that documents its proof of concept (“already release by other researcher”). It’s the second bypass – which can be achieved by holding down the power button, the screenshot button and the emergency button – that’s interesting; as it makes the phone’s screen, minus the top bar, go black. From there it can be plugged into a computer and the information can be harvested via iTunes from the phone’s hard drive with read/write access. In the accompanying video, the phone’s images and address book can be viewed on a PC without the user having to enter the phone’s passcode thanks to iTunes’ iPhone sync function.

Apple updated iOS 6.1 to 6.1.2 earlier this week but failed to address the recent passcode bug, instead opting to patch an Exchange calendar bug that had long affected users’ phone’s network activity and battery.

Last week representatives from Apple told Wall Street Journal’s AllThingsD they were aware of the first passcode bug and were developing a fix for “a future software update.”

Categories: Apple, Mobile Security

Comments (14)

  1. Anonymous
    1

    “It’s getting hard to keep track of all the bugs piling up for Apple’s iPhone.”

    Really?  You find counting to 3 difficult?

  2. VaraMan
    2

    I love this german guy because he really do stuff and not flaming around like others. Good Job Mr. Benjamin

     

  3. Anonymous
    3

    It’s getting hard to keep track of all the bugs piling up for Apple’s iPhone.”

    You can always count on a Microsoft asshole to be an asshole.

  4. Anonymous
    4

    Did you plug the iPhone into a system that had already connected to that device previously?

    Did you try connecting to iTunes on a virgin system?  I think it would required to enter the unlock code. 

  5. Anonymous
    6

    This is getting ridiculous — physical access to the iPhone is required so, unless you voluntarily hand over your phone or it is lost/stolen and falls into the hands of someone with a lot of dexterity, this whole thing is a non-issue.

    What is really sad is that someone is either employed, or has too much time, to sit and test conbinations of button presses. Given the choice of playing with myself and exercising my weaker arm or trying to hack into my iPhone, I’d prefer to exercise my arm.

  6. Anonymous
    8

    Yeah, as Anonymous 4:58am says  “physical access to the iPhone is required so, unless you voluntarily hand over your phone or it is lost/stolen and falls into the hands of someone with a lot of dexterity, this whole thing is a non-issue.”

    …and no-one EVER loses their phone or has it stolen.

  7. s32Kevlar
    9

    The telecom confirmed the 2nd vulnerability also and reproduced them today. I am shocked and impressed by this guy because he is an aweesome hacker. I reproduced both bugs and was not connected ago with my mobile to sync. Very cool method to bypass and i hope apple close this issue as fast as possible.

  8. Anonymous
    11

    I dont know how Eugene Kaspersky is a “Microsoft Asshole” – He is the founder of an Anti-Virus company that protects the widest variety of computer OS’s in the market. In addition… if you put some thought in it you might figure out that he is pointing out the weaknesses of Apple becasue they claim not to have them… it is there own fault, they are asking for people to prove them wrong. In addition… Apple does not let any Anti-Malware company provide protection for iPhone/iPad’s… they will not let anyone use there API. Now that is the BS reason Android owns the market.

  9. awcar
    12

    It is common for our iPhone users to meet problem with iPhone password, esp, the iPhone backup password issue. I have met the problem before. Tried many ways but not work for my iPhone. Finally, the pro tool “iPhone Backup Unlocker” helped me. Just share my case with more of iPhone users.

  10. Anonymous
    13

    you think it’s sad to have bug testers? The device that you used to type this ridiculous statement would be a sad shell of what it’s capable of if it weren’t tested thoroughly. 

    Just while browsing images app, I found a bug when I first got my phone. Some bugs you just come across and tell others. Then yes, you have others who sit there and try to figure these things out. 

    However, compared to you, they’d have the wits and dexterity to realize they could simply hack their phone with their LEFT hand and play with themselves with their Right.  

  11. Anonymous
    14

    you think it’s sad to have bug testers? The device that you used to type this ridiculous statement would be a sad shell of what it’s capable of if it weren’t tested thoroughly. 

    Just while browsing images app, I found a bug when I first got my phone. Some bugs you just come across and tell others. Then yes, you have others who sit there and try to figure these things out. 

    However, compared to you, they’d have the wits and dexterity to realize they could simply hack their phone with their LEFT hand and play with themselves with their Right.  

Comments are closed.