Another iOS 6.1 trick to bypass the Lock screen

Feb 25, 2013

So what’s up with Apple and the iPhone’s Lock screen? I mean, the various Lock screen vulnerabilities have persisted in iOS since the first passcode flaw was discovered in iOS 2.0 – and that was way back in July of 2008. And now, in addition to a simple passcode bypass trick a YouTube user detailed on Valentine’s Day, another method of circumventing the Lock screen passcode has been discovered and highlighted in a video above…

Antivirus maker Kaspersky wrote in a threat post:

Similar to the iPhone’s passcode vulnerability, the exploit involves manipulating the phone’s screenshot function, its emergency call function and its power button.

Users can make an emergency call (911 for example) on the phone and then cancel it while toggling the power on and off to get temporary access to the phone.

Jacqui Cheng of Ars Technica explains the exploit, which was discovered and detailed on February 18 by Vulnerability Lab CEO Benjamin Kunz Mejri:

The difference between the first exploit and this one is how it can make the iPhone screen go black, allowing an attacker to plug the device into a computer via USB and access the user’s data without having their PIN or passcode credentials.

And like the first exploit, this one lets a malicious user bypass a passcode on the Lock screen and gain access to your messages, phone calls, contacts and other private data.

You can reproduce the glitch using the following steps:

• make sure a passcode is activated in Settings and then lock your device by pressing the Sleep/Wake button
• hit the Sleep/Wake button again to wake up the device
• slide to unlock
• tap the Emergency Call button on a virtual keypad
• dial 911, 110, 112 or any other emergency call number from a public listing and immediately hang up the call
• hit the Sleep/Wake button to send the device to sleep, then wake it up and slide to unlock
• hold the Sleep/Wake button pressed for three seconds and then just before the ‘slide to power off’ prompt appears tap the Emergency Call button

As long as you keep holding the Sleep/Wake button, you will gain access to your contacts, call list, apps and more. Bear in mind that as a result of this vulnerability, an attacker can also plug your device into a computer via USB in order to gain access to even more data without knowing your passcode.

Kaspersky’s security advisory notes that connecting a compromised device to a computer via a USB cord exposes more than the user’s photos, contacts and other PIM data, because more “will be available directly from the device hard drive without the pin to access.”

Truth be told, this is getting ridiculous – Apple’s gotta do something about these Lock screen flaws.

We kinda hoped the iOS 6.1.2 firmware would squash these bugs, but that wasn’t the case as iOS 6.1.2 only delivered a fix for the Exchange bug that was affecting battery life. By the way, ad tracking firm Chitika today reported that less than a week after it became available for download, iOS 6.1.2 is now the most popular version.

“Apple takes user security very seriously,” a spokeswoman for Apple recently said. “We are aware of this issue, and will deliver a fix in a future software update.”

Four days ago, iOS 6.1.3 Beta 2 was seeded to Apple’s registered developers. In the release notes, Apple mentions that iOS 6.1.3 will also fix the Lock screen bug.

  • http://twitter.com/doubleaa25 Adham

    Every time I tried doing the original vulnerability I would always get a black screen. I didn’t know it meant a method of getting info!

  • http://twitter.com/MCaudebec Maxim∑

    What’s ridiculous is the person that figured this out.

    • http://twitter.com/williamkako13 William Kakoschke

      I know. People that have the amount of time just sitting there pressing random buttons until something happens!

      • http://twitter.com/rud0lf77 rud0lf77

        The Social System of Germany makes it possible. Anyone who is too lazy to work gets money from the state…

      • Kurt

        I lived in Germany. My good friend is mid 30s and she would just get money from the state to do nothing. (this has been going on for many years) And she is always going on trips outside the country. Sad life, how can you be truly happy being a sponge?

    • Fr33zty@hotmail.com

      I just uploaded a YouTube video on how to open the phone app on iOS 6.1.2.

      Goto YouTube n in goto my account “fr33zty14″

  • TesticularFortitude

    Should I panic?

    • AforAppleAforAndoid

      hide your kids NOW.

      • TesticularFortitude

        lol

  • http://twitter.com/MikeeeeyJ Michael Jack

    “Truth be told, this is getting ridiculous – Apple’s gotta do something about these Lock screen flaws.”

    It’s hardly ridiculous, three vulnerabilities in the last 6 years? Also someone would need physical access to the device for a substantial period of time for this to be a real security threat. If your iPhone contained info so sensitive that this would pose a risk then remote wipe is your answer. This does need to be fixed however you’re over the top with that statement.

    • http://www.facebook.com/profile.php?id=1328808990 Bhuvan Kalra

      I think Apple is high.

    • Kurt

      Unfortunately there have been way way more vulnerabilities than just 3. But luckily nothing really came from them.

      • http://twitter.com/MikeeeeyJ Michael Jack

        There’s only been 3 lock screen vulnerabilities. I acknowledge that there’s been many iOS vulnerabilities.

    • Mac_Guy

      When I first read about the bypass I decided to try it out, not with my own iDevice but with customers’ devices that needed front screen repairs. Trust me I had more than enough time to try this ridiculous combination on these customers’ devices. I never used this exploit to delete or manipulate anyone’s information, simply used it to show other co-workers.

      • http://twitter.com/MikeeeeyJ Michael Jack

        You probably shouldn’t be trying this on your clients’ devices….

      • Mac_Guy

        Like I said, I never used this bypass of the lockscreen to manipulate any of their personal information. The point I was trying to make is that I had more than enough time to do this combination

      • http://twitter.com/MikeeeeyJ Michael Jack

        Yeah but that’s because these people willingly gave you their phones.

        No way I’d ever give my iPhone up to anyone for a screen repair. Even sending it to Apple I’d back up and then wipe the device.

      • Mac_Guy

        1. These people didn’t have warranty on their iDevices
        2. I’m not doing the repairs at home, this is done at a professional shop
        3. Our company does screen repairs cheaper than any other local repair store and they get done the same day. (As opposed to mailing it to Apple and waiting)

    • iDon’tWantToShareMyDetails

      3 are public, how much more do you think are being offered when you take out your cheque? Moreover for a company that’s tight on security they chase and squash jailbreak bugs far more than the bugs that can actually give remote access to your device. It’s kind of a public misconception that Apple software is secure – it’s not really, it’s just not the target for the majority of security researchers.

      • http://twitter.com/MikeeeeyJ Michael Jack

        This vulnerability requires physical access to the device and to do any real damage the bad guys would need physical access for an extended period of time.

        I agree that if it was a vulnerability that allowed remote exploit execution then it’d be a massive deal but the fact that physical access is required really decreases the severity of this. In my opinion anyway.

    • Justin Stallings

      You’re desperately clinging to your idea that Apple is perfect, aren’t you? You think there have been only three documented vulnerabilities in the past six years? Of course not. There have been many, many, many more.

      The idea that easily replicated privacy/security vulnerabilities (major ones, too) in a seven hundred dollar phone is ridiculous is a perfectly rational one. You’re the one making over-the-top claims.

      By the way, you do realize that a remote wipe isn’t always possible, right? You’re basically saying “you shouldn’t have private information on your phone anyway. If it’s stolen and abused, that’s your fault, not Apple’s”. Absurd.

      • http://twitter.com/MikeeeeyJ Michael Jack

        3 lock screen bypass vulnerabilities in the last 6 years.

        I didn’t say having vulnerabilities in a $700 phone is ridiculous?

        If the security of the information on your device is that important to you then you make sure that a remote wipe is always possible. I don’t have any million dollar information on my iPhone but I’ve made sure that, unless someone like the NSA gets hold of my phone, a remote wipe is always available to me.

        “you shouldn’t have private information on your phone anyway. If it’s stolen and abused, that’s your fault, not Apple’s” that’s not at all what I was trying to convey.

        While this flaw needs to be fixed, it isn’t a big issue, simply don’t lose your phone or let it get stolen. I’ve had a phone since I was about 10 and in 8/9 years I’ve never lost or had a phone stolen.

        Apple/ Samsung/ Google can build in all the hardware and software security they like but, in my opinion, at the end of the day it’s up to the user to protect that device. It’s akin to installing a $10,000 alarm system and then leaving the back door open. Simply don’t give the bad guys that first open door.

  • Stijn

    Or you take ifunbox and see the messages and pictures

  • http://www.facebook.com/people/James-Hart/1553850615 James Hart

    In before some clown says “that’s why I use Android phones”.

  • http://twitter.com/chrisw329 Chris

    wonder how many people get greeted by police at their door for trying all these emergency call hacks

  • chjode

    Spread that FUD, Christian.

    • Kurt

      FUD? what’s that

      • http://twitter.com/joshfofer Josh

        Fear, Uncertainty, and Doubt

  • http://twitter.com/br3akth3lim1t br3akth3lim1t

    when I do this on a jailbroken iPhone 5, all I get is a black screen.

  • Tr1pTr0p

    Remember, the most advanced mobile operating system on the planet.

    • JamesR624

      Why is this getting downvotes? All he’s doing is showing people just how full of bullshit Apple is. No other mobile is really much more advanced but the point is that none of them claim to be something they’re not to get money. Only Apple does and the people seem to keep buying into the bullshit.

      • Tr1pTr0p

        Exactly. Thank you.

      • Kurt

        I think Android is more advanced and I’m only an iOS user. I can be honest about it.

      • Mac_Guy

        I’m ok with bugs in the OS. That leads to more jailbreak releases. Add more features and there is bound to be more bugs.

      • Kurt

        Bugs and vulnerabilities are different. iOS 6 doesn’t have new features.

      • Mac_Guy

        You are 100% correct. My mistake. But more features can lead to more vulnerabilities. Isn’t that why the ATV3 couldn’t be jailbroken? Not much to work with there.

      • Kurt

        Yeah, I don’t get why ATV3 couldn’t have been jailbroken. Did they not get the same update that ATV1 and 2 got?

      • Mac_Guy

        “You can’t always get what you want”

      • Hyr3m

        Why is this getting downvotes? Because too many people on iDB are fucktards! That’s why…

      • Dan

        because some people will downvote anyone who says anything pro android

  • JaeM1llz

    So what you’re saying is that the police are about to get an influx of non-emergency related calls.

  • Fr33zty14

    I have already 6 Ways of bypassing the lock screen for the newest iOS 6.2..
    Since I have dialup it’s very hard to post a video… So it does take some time…
    But every time between that long wait of posting the video, I always get RSS feeds from IDB that someone else has posted one.. Well now I’m happy because this only allows access to the device…

    JUST like the other bug this will get patched…
    apple will only concentrate on fixing what has been seen here… Allowing my lock screen flaws still ready for exploit…

    But I still wonder.. Do I dare give the security flaw? Or do I let it be looked past upon… Because if you think about it.. We are pushing apple to update these bugs… WHICH WILL ALSO PUSH THEM TO FIX THE JAILBREAK!!!

    Anyway, I will be posting a video on how to do this on Thursday..
    This is one of the many ways of getting into the phone.app via lock screen

    • http://twitter.com/notoriousTEG tim

      I don’t know what I’m more shocked about. The fact that you (supposedly) have 6 lockscreen bypass bugs, or that you still have dial up!

      • EpicFacepalm

        I don’t know either, but he is right, doesn’t lie.

    • EpicFacepalm

      If I were you I would sell them to a security company.

  • Tom

    Ios again sucks android is way more secure no wonder nasa uses android

    • http://www.facebook.com/BikenNo.9 Biken Dangol

      No wonder you came here in apple base website to get troll.
      Back to you____ Tom

  • M Last

    why video cut ?

    you can see 42″ to 45″

  • http://www.facebook.com/BikenNo.9 Biken Dangol

    That looks like my lost iPhone 5. Hehe just joking. Anyhow the guy who has stolen my i5 is really a dough. And videos like this are helping them to break the passcode security. I hate this even if it has a study purpose.

  • a smit

    if anyone is worried about someone hacking their device, maybe try installing disableEmergency from cydia – it will disable emergency calls when locked

  • http://twitter.com/williamkako13 William Kakoschke

    Well, I’m glad I own an iPod touch, no emergency call button! xD

  • http://www.eraser.org B. Braun

    Pfft most people do not even set a code…

  • Hitesh

    just use igotya which will prevent the use of power off in the lockscreen

  • Fr33zty@hotmail.com

    I just uploaded a YouTube video on how to open the phone app on iOS 6.1.2

    Goto YouTube n in goto my account “fr33zty14″

    • EpicFacepalm

      Gotta say it just works