iOS 6 passcode bypass discovered, could allow snooping

Once again a way has been found to bypass the iPhone's Lock screen passcode, this time for iOS 6.x, and involving a complex series of button pushes and screen taps to basically put the system into apoplexy. This particular Konami code of doom was reported by Adrian D'Urso of Jailbreak Nation:

Today, we discovered a method to bypass the passcode lock on any iPhone running the newest software update iOS 6.1. The method is a bit complicated and will allow access to the phone application. While hitting the home button will re lock the phone, the exploit does have potential to snoop through peoples contacts and make calls.

It's not the first time a vulnerability in the the iPhone's Lock screen passcode has been found; providing just enough functionality to make emergency calls yet not enough to get into the rest of the system seems to be an error-prone process. Apple, for their part, will likely patch it in the next update, as they've patched similar bypasses in the past.

All that said, it's important to remember that bypassing your passcode requires physical access to your iPhone, and in this case, for long enough to successfully enter the complicated series of steps successfully.

To learn more about this latest security snafu and it's parameters, hit the link below.

Source: Jailbreak Nation

Rene Ritchie

Editor-in-Chief of iMore, co-host of Iterate, Debug, Review, Vector, and MacBreak Weekly podcasts. Cook, grappler, photon wrangler. Follow him on Twitter and Google+.

More Posts

 

8
loading...
11
loading...
45
loading...
0
loading...

← Previously

Deal of the Day: 43% off Krusell Hector Leather Case for iPhone 5

Next up →

Kickstarter launches terrific new iPhone app, but their fulfillment still needs a lot of work

Reader comments

iOS 6 passcode bypass discovered, could allow snooping

21 Comments

I just don't get it: why would these people publish their finding?! Does a geek ethical code for this sort of thing exist?! I would think they would just contact Apple with their discovery and keep quiet about it. What am I missing here?!

Probably for the press that comes along with it. Everyone is out trying to make a buck. If they just went to apple nothing would be heard about it and no money would have been made for these guys.

Some contact the vendor, some do not. What you are missing is that just because a bug has not been publicized does not mean it is not in the wild and being exploited. When real bad guys discover an exploit, they keep quiet about it, to they can use it.

In cases where this is the likely scenario, the ethical thing to do may very well be to go public with it as opposed to go quietly to the vendor (Apple). When an exploit is made public, vulnerable regular people have a chance to protect themselves (in this case, by taking better physical inventory of their device), and, some vendors, Apple included, have in the past demonstrated that they respond to bad situations best when pressured publicly. The best route to protecting the public sometimes is, and may have been in this case, full disclosure.

freedom of information. I want to know if someone has the ability to partially bypass my phone's lock screen.
"What you are missing:"
1. most obvious reason is for fame, people get known for outsmarting securities and then get hired at firms for exploiting and fixing issues.
2. Helps further technology ingenuity, when other free-range programmers catch whim it may allow them to capitalize on new ideas or inventions.
3. If there is a burglar on the prowl, its not only important to notify the the authorities (Apple or w/e), but its important to notify your neighbors (other users). That way your neighbors can do whatever they can to prevent the burglars exploiting their defenses. It is ultimately up to the owner of a home or a phone to prevent the crime, the more the user or owner knows of the crime and how it is executed, the better chance they have to bolster against it. We live in a country that says you are innocent until proven guilty (4th amendment & 5th amendment), and so it is best to assume that if you leak this info people will attempt to develop ways to stop it instead of abuse it. Your line of understanding assumes people are guilty before proven innocent, and that's not a healthy.
4. knowledge is free, and only a sucker would want to be a naive chump.

Just to be technical, everyone is calling this a "bypass" of the lock screen when in fact it's a "partial bypass" of the lock screen. All that is exposed is the contacts app. If it was a bypass of the lock screen, then I would have access to the phone because the lock has been put to one side. This isn't the case.

It is partial, but as it gives access to the contacts app, it lets an unauthorized user see/change contacts, make phone calls, sends texts, make facetime calls, look at photos (by adding photo to contact), jump to maps and a host of other things the contacts app can do (send emails, text, tweets, facebook, etc).

Getting access to the contacts app actually allows the user to do a lot. Then again Siri has access to alot of those features as well.

On a side note, I managed to get it to work once. Subsequent times I tries this the screen went black and all I could see was the status bar, so it's not foolproof.

This blows...welp, I know who's phone I'll be using to make calls to Canada!

There's always a bright side.

That's concerning, but not hugely concerning if the best they can do is call or text someone in my contacts. It's not like they are getting access to my passwords, docs, or other confidential info.

And you're not concerned of all the possible long distance or roaming charges the thief can tack onto your phone bill when they take your phone for a spin? I would be.

Do that many people really use pass code lock? What are you trying to hide, pictures of your dog? I don't see a reason anyone would need a pass code lock unless you were doing some things that required greater security than an iPhone can provide.