It’s getting hard to keep track of all the bugs piling up for Apple’s iPhone. Now it seems a glitch in the iOS kernel of Apple’s much-maligned iOS 6.1 is responsible for yet another passcode bypass vulnerability, the second to surface this month. Attackers can apparently access users’ photos, contacts and more by following a series of steps on an iPhone running iOS 6.1.

The vulnerability was detailed in a post on the Full Disclosure mailing list late last week by Benjamin Kunz Mejri, founder and CEO of Vulnerability Lab.

Similar to the iPhone’s passcode vulnerability, the exploit involves manipulating the phone’s screenshot function, its emergency call function and its power button. Users can make an emergency call (911 for example) on the phone and then cancel it while toggling the power on and off to get temporary access to the phone. A video posted by the group shows a user flipping through the phone’s voicemail list and contacts list while holding down the power button. From there an attacker could get the phone’s screen to turn black before it can be connected to a computer via a USB cord. The device’s photos, contacts and more “will be available directly from the device hard drive without the pin to access,” according to the advisory.

The first half of the exploit borrows heavily from last week’s vulnerability – and the Lab notes this in the caption of the video that documents its proof of concept (“already release by other researcher”). It’s the second bypass – which can be achieved by holding down the power button, the screenshot button and the emergency button – that’s interesting, as it makes the phone’s screen, minus the top bar, go black. From there it can be plugged into a computer and the information can be harvested via iTunes from the phone’s hard drive with read/write access. In the accompanying video, the phone’s images and address book can be viewed on a PC without the user having to enter the phone’s passcode thanks to iTunes’ iPhone sync function.

Apple updated iOS 6.1 to 6.1.2 earlier this week but failed to address the recent passcode bug, instead opting to patch an Exchange calendar bug that had long affected users’ phones’ network activity and battery.

Last week representatives from Apple told the Wall Street Journal’s AllThingsD they were aware of the first passcode bug and were developing a fix for “a future software update.”

Categories: Mobile Security

Comments (14)

  1. Anonymous

    “It’s getting hard to keep track of all the bugs piling up for Apple’s iPhone.”

    Really?  You find counting to 3 difficult?

  2. VaraMan

    I love this German guy because he really does stuff and is not flaming around like others. Good job, Mr. Benjamin

  3. Anonymous

    “It’s getting hard to keep track of all the bugs piling up for Apple’s iPhone.”

    You can always count on a Microsoft asshole to be an asshole.

  4. Anonymous

    Did you plug the iPhone into a system that had already connected to that device previously?

    Did you try connecting to iTunes on a virgin system? I think it would be required to enter the unlock code.

  5. Anonymous

    This is getting ridiculous — physical access to the iPhone is required so, unless you voluntarily hand over your phone or it is lost/stolen and falls into the hands of someone with a lot of dexterity, this whole thing is a non-issue.

    What is really sad is that someone is either employed, or has too much time, to sit and test combinations of button presses. Given the choice of playing with myself and exercising my weaker arm or trying to hack into my iPhone, I’d prefer to exercise my arm.

  6. Anonymous

    Yeah, as Anonymous 4:58am says  “physical access to the iPhone is required so, unless you voluntarily hand over your phone or it is lost/stolen and falls into the hands of someone with a lot of dexterity, this whole thing is a non-issue.”

    …and no-one EVER loses their phone or has it stolen.

  7. s32Kevlar

    The telecom confirmed the 2nd vulnerability also and reproduced them today. I am shocked and impressed by this guy because he is an awesome hacker. I reproduced both bugs and was not connected ago with my mobile to sync. Very cool method to bypass and I hope Apple closes this issue as fast as possible.
