iOS 6.1.3 reportedly introduces another Lock screen vulnerability

By , Mar 20, 2013

Apple yesterday let iOS 6.1.3 out of the gate, fixing the widely reported Lock screen vulnerability. As you’re probably aware, the glitch was first detailed a month ago and lets people with access to your iPhone, iPad or iPod touch easily bypass your passcode and mess with your private data on the device. But as is often the case, new software releases fix old bugs and introduce new ones to be squashed in the future.

A report Wednesday claims an all-new Lock screen vulnerability has been discovered in iOS 6.1.3, one making it easy to – you guessed right – bypass one’s passcode and gain access to an unsuspecting user’s contacts and photos kept on the device. Luckily, this one can be avoided easily by disabling the Voice Dial feature…

Dutch web site iPhoneclub.nl passes along the above video by YouTube user ‘videosdebarraquito’ highlighting the flaw.

The trick involves using the iPhone or iPod touch’s Voice Dialing feature to dial a number – in this case, ‘123’). Then, as soon as the calling confirmation pops up (“dialing 123″), eject the SIM card to abruptly end the call.

You should be now able to access the recent call history, as well as check out Photos and browse through Contacts – even add a new contact or picture, either by taking a new photo or by picking one from the photo library on the device.

The good news is, the glitch “only” seems to allow intruders to access your contacts and photos, but not other critical apps like Phone, Messages and what not.

Unfortunately, we cannot tell from the video whether or not the poster is in fact running iOS 6.1.3. For what it’s worth, iPhoneinCanada was able to confirm that the glitch affects their iPhone 4 running iOS 6.1.3.

To be on the safe side, owners of older iPhone and iPod touch devices which don’t support Siri must disable Voice Dialing by going to their device’s Settings > General > Passcode Lock.

iPhone Voice Dialing

Those with an iPhone 4S or iPhone 5 are wise to disable Siri access from the Lock screen, again in Settings > General > Passcode Lock. On the flip side, anyone looking to exploit this glitch to their advantage must have physical access to your device and be able to eject the SIM.

If it’s any consolation, it isn’t just Apple’s handset – a dangerous Lock screen vulnerability has also been discovered on Samsung’s Galaxy S4, have a look below.

Again, I haven’t had a chance to test this on my device yet so your mileage may vary.

Why not help us fill in the blanks by testing this out and share your experience with fellow readers down in the comments?

  • Share:
  • Follow:
  • abbyruleover

    And this update was supposed to fix the bypass. Oh the irony!

  • Jordi Bull

    it works on ios 6.1.2

    • Damian W

      e

  • http://www.facebook.com/profile.php?id=100000603361739 Osama Muhammed

    apple should be rewarded for the daily fired employees

  • Mohammad Ridwan

    Oh Apple, don’t ever change.. ;)

  • http://robertianhawdon.me.uk/ Robert Ian Hawdon

    Who figures out these things? Is there someone sitting there just trying every combination of physical things they can do with an iPhone at its lock screen?

    • http://twitter.com/rud0lf77 rud0lf77

      The people who are figuring out such are usually from Europe, here in Europe, especially in Germany, we got a social system that allows people to do nothing all day and get a lot of money and an apartment.

      • iospixel

        Meh, Atleast you got the houses to give them, Would you really want to see homeless people on the way too and from work? I to come from a country where our welfare system is a clusterfuck but its better than the alternative.

        Upvoted all the same :)

  • http://twitter.com/MCaudebec Maxim∑

    Does the person that figures this out have nothing better to do?

  • http://twitter.com/x13xavi xavi

    Is useless apple to make a update while there’s people who can bypass the iPhone screen lock by this video there will be another update and no jailbreak :/

  • Tr1pTr0p

    This is fucking laughable! iOS has more holes in it than Swiss cheese!

    • abbyruleover

      I guess they were to busy killing the jailbreak!

    • http://www.facebook.com/PeterBv Pete Borokhov

      Pretty funny, Btw be specific, there are allot of styles of Swiss cheese which one are you referring to?

  • MrShutEmDown

    The easiest way to find out jailbreak exploits? locks creen vulnerabilities…
    Hopefully they (JB team) wait until ios7 to jump the gun and release another Jailbreak.
    Apple is getting hip lol

  • thebudman

    That was the most stupid thing I’ve seen today.
    So he was able to create contact with the lock screen enabled.

    He never went to the springboard and had full access to the phone.
    Lame.

    • http://www.facebook.com/profile.php?id=1537677936 Amardeep Singh

      are you kidding me? thats lame? he was able to look at the pictures

      • http://twitter.com/chaoticbuddhist The Chaotic Buddhist

        Oh the horror….

      • http://www.facebook.com/profile.php?id=1537677936 Amardeep Singh

        LOOOOOOL ;)

  • http://www.facebook.com/tafk1 Taf Khan

    It’s simple Apple, just revert back to iOS 6.12, you won’t be any worse off, re-package as 6.14 tonight if you like and EVASION can come back to life. :P :P

  • seyss

    these bugs were made intentionally to let government and other people inspect your phone

    • s0me

      if they really want to do that they dont have to use bugs

  • http://www.facebook.com/Makavelli.1 Joseph A. Ahmad

    Okay, seriously, if you let someone do this to your phone without realizing it, you deserved it. I’m sorry but I don’t think this is an imediate concern unless you leave your iPhone lying around. For some, it may be though.

  • http://twitter.com/dpacemaker David Pace

    If someone wants to take the time to look at some pics then good for them. Every single one of these “vulnerabilities” seems to be a nuisance more than a threat. If someone steals my phone this is the last thing they are going to be worried about. Looking at my pics, more like selling it for crack is their first thought.

  • http://twitter.com/zKINGb Mark Thmas

    He never showed that he is on 6.1.3…

  • Liam Mulcahy

    FAIL!

  • http://twitter.com/chaoticbuddhist The Chaotic Buddhist

    This is getting stupid really. If anyone has THIS kind of time of course they’ll find a way in. This is actually less of an issue than you’re making out.

  • http://twitter.com/bennsteward Benn

    this is nothing new. it does this in 6.1.

  • adaminsull

    I attempted this and it does indeed happen.

  • http://twitter.com/KDKimura Kaz Kimura (木村 カズオ)

    If you make a phone call using Siri and attempt to add a call or access the contacts during the phone call, the iPhone will ask for the passcode and will give you what seems to be an unlimited number of attempts to guess the passcode without the normal disabling of the iPhone. There’s 10,000 combinations so if you have quick fingers and enough sanity, it’d probably take half an hour or so to guess the correct code. I found a weird GUI bug that occurs when you push the home button while looking at the phone call screen and entering the incorrect passcode until the iPhone is disabled and then trying to unlock it. The slide to unlock slider gets stuck on the right side of the screen. What else can we exploit about the passcode feature?

  • http://twitter.com/monster_hazardo Roger Riekki

    LOL.

  • http://twitter.com/myorangeisstuck wahaha

    In ios 7, I think apple would remove the lock screen.

  • iPhoneShqip

    Fuck the politique of Apple she block the Jailbreak not the error with iOS 6.1.3

  • http://twitter.com/aidanharris1 ✪ aidan harris ✪

    I wonder if someone will develop fixes for these on jailbroken devices, ironically making them more secure…

  • Kyle Willis

    Only the gullible update it ain’t about bug fixes its getting mugs to update to lose JB !

  • http://twitter.com/craigkeller Craig Keller

    I wonder if it would be possible, since you can add/edit contacts with this bypass, to add a url scheme to a contact and open another app. like twitter, or facebook, or chrome.

  • http://technogiantz.com/ Technogiantz

    The discovery of the bypass is a facepalm for Apple.

  • Charles

    Does anyone have any problems with the speakers after the 6.1.3 update

  • Charles

    They are after the vurnerabilities so they can find a jailbreak to suit our needs