It’s getting hard to keep track of all the bugs piling up for Apple’s iPhone. Now it seems a glitch in the iOS kernel of Apple’s much maligned iOS 6.1 is responsible for yet another passcode bypass vulnerability, the second to surface this month. Attackers can apparently access users’ photos, contacts and more by following a series of steps on an iPhone running iOS 6.1.
The vulnerability was detailed in a post on the Full Disclosure mailing list late last week by Benjamin Kunz Mejri, founder and CEO of Vulnerability Lab.
Similar to the iPhone’s passcode vulnerability, the exploit involves manipulating the phone’s screenshot function, its emergency call function and its power button. Users can make an emergency call (911 for example) on the phone and then cancel it while toggling the power on and off to get temporary access to the phone. A video posted by the group shows a user flipping through the phone’s voicemail list and contacts list while holding down the power button. From there an attacker could get the phone’s screen to turn black before it can be connected to a computer via a USB cord. The device’s photos, contacts and more “will be available directly from the device hard drive without the pin to access,” according to the advisory.
The first half of the exploit borrows heavily from last week’s vulnerability – and the Lab notes this in the caption of the video that documents its proof of concept (“already release by other researcher”). It’s the second bypass – which can be achieved by holding down the power button, the screenshot button and the emergency button – that’s interesting; as it makes the phone’s screen, minus the top bar, go black. From there it can be plugged into a computer and the information can be harvested via iTunes from the phone’s hard drive with read/write access. In the accompanying video, the phone’s images and address book can be viewed on a PC without the user having to enter the phone’s passcode thanks to iTunes’ iPhone sync function.
Apple updated iOS 6.1 to 6.1.2 earlier this week but failed to address the recent passcode bug, instead opting to patch an Exchange calendar bug that had long affected users’ phone’s network activity and battery.
Last week representatives from Apple told Wall Street Journal’s AllThingsD they were aware of the first passcode bug and were developing a fix for “a future software update.”