It looks like Apple has run into some serious troubles with their lockscreen in iOS 6, or the amount of people poking and prying at iOS has increased (take your pick). In iOS 6.1.2 Apple patched a lockscreen bug that allowed users to bypass the lockscreen and access the Phone app.
Now a more serious exploit has been discovered that can get past the lockscreen, access the Phone app and also allow the attacker complete access to your device’s data (photos, messages etc.) if it is plugged into a computer. The original lockscreen bug found on iOS 6.1 didn’t allow the attacker access to all of the devices personal information when plugged in via USB.
ArsTechnica explains the exploit in more detail…
The vulnerability is located in the main login module of the mobile iOS device (iPhone or iPad) when processing to use the screenshot function in combination with the emergency call and power (standby) button. The vulnerability allows the local attacker to bypass the code lock in iTunes and via USB when a black screen bug occurs. The vulnerability can be exploited by local attackers with physical device access without privileged iOS account or required user interaction. Successful exploitation of the vulnerability results in unauthorized device access and information disclosure
It looks like besides patching the Evasi0n iOS 6.x Untethered Jailbreak, iOS 6.1.3 will also be patching this lockscreen bug in the process. Now, I am sure you are wondering… just how do I perform the latest lockscreen vulnerability. Well, assuming you want to try this out on your own device, or impress (scare) your friends, here are the instructions.
- Ensure there is a passcode enabled (obvious) and then lock your device by pressing the sleep / wake button
- Wake the device by tapping the home or sleep button
- Tap the Emergency Call button on the virtual keyboard
- Dial 911 or another emergency call number like 110 or 112 and then IMMEDIATELY hang up the call
- With the call canceled, hit the sleep / wake button to once again put your device in sleep mode, wake it up and then Slide To Unlock
- Now the trickiest part, hold down the sleep / wake button for about 3 seconds and just before the Slide To Power Off window appears tap the Emergency Call Button (while still keep your finger on the sleep / wake button)
- Keep holding the sleep / wake button and you have gained access to the phone app and if plugged in via USB all personal information
Apple has acknowledged the bug and issued a stereotypical statement somewhat along the lines of “Apple takes security very seriously and will issue a fix in a future software update.” So, you can indeed expect it in iOS 6.1.3. Who knows, maybe Apple will release iOS 6.1.3 within the next few days to fix the lockscreen bug, and push iOS 6.1.3 beta 3 to iOS 6.1.4 beta 3.
DJCURTIZ says
WARNING: by Dialing any of these emergency numbers 112,911,110 your call is almost instantly connected EVEN IF YOU CANCEL THE CALL!!! Unless you want the entire country’s police force showing up at your door, don’t be stupid and avoid trying this exploit.
Franciscovs says
I fix this issue with “disable emergency” from bigboss.
IMACOP says
DUDE… DON’T GO FULL RETARD. NEVER GO FULL RETARD.
Ethyn Resausk says
Yeah this guys probably the biggest moron. Calling a number doesn’t receive until 5 seconds from when you hit call. Overall this isnt much of an exploit If you cant get into the home screen as you could with the older one…Kind of lame and isn’t worth doing unless you plan on doing prank call numbers.
Redon says
It’s not that Apple is having difficulties in resolving this issue but they always did, do and will do apply this fucking tricks in order to push iDevice users to update with the hope that jailbreaking would be impossible for them. Apple is a bitch.
LoudSpeak says
Is there really a point to doing this? Someone can access the phone functionality with the “Emergency Call” feature anyway. Why do we need this dumb exploit? What, so you can view contacts on the phone? Big deal. This is stupid. It just ends up screwing over Springboard.app anyway,
Paperclip says
Just use AndroidLock XT lock screen ;)
paperclip says
With Androidlock XT screen, you get double protection. ;)
have to get patern first before getting to the normal PIN lock screen, if you set it up like that.
without getting the right patern you wont even get to the emergency button, but I like it for double protection.
tre says
That’s why with icaughtU pro none of this can happen! You set set it up so it won’t turn off unless it’s in the main screen so you never accomplish this no matter what. I love that app.