Passcode bypass bug discovered for iOS 6.1.3

Passcode bypass bug discovered for iOS 6.1.3 on non-Siri devices

Apple recently released iOS 6.1.3 which included a fix for the passcode bypass bug that would allow an unauthorized person to access the Phone app on a locked iPhone. One day after the update, however, Matthew Panzarino of The Next Web is reporting that a new bypass bug has been discovered, this time by videosdebarraquito.

The passcode bypass in the previous versions of iOS 6 required a series of well-timed taps and button presses. The result was full access to the Phone app on a locked device without entering the passcode. This new bug (not quite new, it seems to have existed prior to iOS 6.1.3) requires a sequence that’s a little easier to execute, as can be seen in this video. For some reason, this bypass seems to be more difficult to accomplish on newer, Siri-capable devices.

The bypass can be achieved using the iPhone’s Voice Dial feature. By holding the Home button on a device for a few seconds, the Voice Dial feature will come up. Issue a dial command such as “Dial 303-555-1212”, then as the call is being initiated, eject the SIM card. The iPhone detects the SIM has been removed, cancels the call, and displays an alert saying there is no SIM. Behind the alert you will see the Phone app and after dismissing the alert, you will have full access to the Phone app. As before, this means you can access contact information as well as all photos on the device.

Initially thought to only be possible on non-Siri phones, reports are now coming in of this bypass being performed on the iPhone 4S and 5 as well, though it doesn’t seem to be as easily reproducible on these devices. Performing the bypass on these devices would also require Siri to be disabled and Voice Dial to be enabled.

Unlike the previous bug, this bypass can also easily be prevented by disabling Voice Dial. This can be done in the iPhone’s Settings app, under General > Passcode Lock, by turning the Voice Dial switch to off. With the way Apple has been handling these so far, it would not be surprising to see this fixed in a 6.1.4 update.

Source: videosdebarraquito via The Next Web

Update: Article updated with more information on the scope of the vulnerability.

Nick Arnott

Security editor, breaker of things, and caffeine savant. QA at Double Encore. Writes on neglectedpotential.com about QA & security, and as @noir on Twitter about nothing in particular.


Reader comments


While I'm still using an iPhone 4 and would love to help you tinker with it, I do not want to lose my jailbreak. My home button is wonky and I need my Zephyr.

This exploit has got to be in record time because 6.1.3 has not even been out for 48 hours...

I honestly don't think they sit around trying to place voice calls while ejecting the SIM card in an attempt to crack the software. However, since there ARE a lot of folks out there who do stuff like this routinely, they might want to start.

I see an option to allow access to Siri, Passbook, or Reply with Message. When you say "Voice Dialing" option, do you mean "Siri"?

Voice Dial only shows up on Siri-capable devices if Siri is turned off. If your device has Siri turned on, then the specific Voice Dial functionality that is vulnerable will not be accessible and you don't need to worry about disabling it.

@Vanti and @richard451 - I get your points, but hope you are being a bit sarcastic. Have you ever performed software testing before? If you test every possible scenario, you will never release anything. This exploit, while admittedly easy to do, requires one to Voice Dial a call, and then instantly eject the SIM. I would hardly even think to do such a thing. I am amazed that someone did in less than the 24 hours 6.1.3 has been out.

Glad they discovered it, but let's be fair, not exactly top of the charts of what I would think most people would have as test case #1.

Oh, and not an issue on Verizon iPhone 4 ( ;) )

Err. This is a bug that previously existed in iOS and was fixed. For Apple not to have tested it is ignorance. You think someone would ask "hey, I wonder if my new fix breaks old fixes?"; instead Apple says "let the users find out for us".

I understand that this has been proven in 6.1.2 but was it known prior to this being out there? If so, I apologize, I missed them.

From the above article; "This new bug (not quite new, it seems to have existed prior to iOS 6.1.3)...". That said, this is a pretty minor security hole. I'm surprised it's getting so much attention.

I agree. Minor and an easier fix than to actually perform the exploit.

But was this known prior to yesterday?

I haven't seen anything that indicates it was public knowledge before yesterday. That said, I wouldn't be surprised if somebody discovered this previously, and decided to wait until Apple put out a fix for the other bug before making this one public.

How are these exploits found out so fast? Does someone sit there and try different combinations until they discover one or is it embedded in code? I'm curious as to how these are found.

Another one? Funnily enough, these passcode exploits are quite fiddly to execute; my phone is barely out of my hand long enough for someone to perform this.

It is funny to see that Apple prides itself in stopping jailbreaks along with other security features and yet with every release of a new iOS firmware a lock screen security fail is always found. It's almost as if they focus too much on stomping out the jailbreak. Hopefully in the next release they pay a bit more attention to the ability to bypass a security feature so easily.

Not like Apple to not lock this down from a previous build they knew about but there is no excuse. Somebody or people on the security side of writing the code slipped up didn't they?

I appreciate that people figure this stuff out, but wow that was a quick one to already have undone. In other news, this one seems to be awesome for my battery.

Always flabbergasted at how these types of bugs are found. Are there people just sitting there and trying out combinations of things, or do people look through the code and see that a certain aspect is weak and focus on that? Mind blowing.

Really!?!? If someone is that desperate to make a call or look at my photos then have at it. Geez. I am sure when 6.1.4 is released to correct it, the new way will be stand on 1 foot, face north, hold the phone pointing south and with 2 hands touch the screen and the home button at the same time. Then say real loud "open photo app" and you can see all the photos. Then 6.1.5 will go to beta. Rinse, repeat. And yeah Apple should have their engineers trying all those type scenarios before they release an update. <sigh>

Apple fan boy here, all these 6.x.x updates frustrate me. Why don't they beta test them for a month or 2? END THE BUGS