Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.
iPhone Newsforums, a part of the
It appears yet another lockscreen iOS 6.1 security bug has been discovered which gives a potential hacker/terrible friend access to contacts, photos and a whole lot more. This exploit is...
02-25-2013, 08:02 PM #1
iOS 6.1.2 Lockscreen Exploit Found - Not the Good One Either
It appears yet another lockscreen iOS 6.1 security bug has been discovered which gives a potential hacker/terrible friend access to contacts, photos and a whole lot more. This exploit is much like the previous bug Apple fixed, however it apparently gives access to more user data when the phone is plugged into a computer. The original lockscreen bug found on iOS 6.1 did not allow the same access.
A few hours ago we posted about how iOS 6.1.3 will indeed patch the jailbreak exploit; it is assumed iOS 6.1.3 will also fix this security bug. It's almost too perfect for Apple - they waited to fix this bug until they could also patch the jailbreak, thus making many users consider the update. I however will not.
While we do not encourage anyone to use this exploit for terrible reasons, here is a breakdown of how it works.
- Ensure there is a passcode enabled (obvious) and then lock your device by pressing the sleep / wake button.
- Wake the device by tapping the home or sleep button.
- Tap the Emergency Call button on the virtual keyboard.
- Dial 911 or another emergency call number like 110 or 112 and then IMMEDIATELY hang up the call.
- With the call canceled, hit the sleep / wake button to once again put your device in sleep mode, wake it up and then Slide To Unlock.
- Now the trickiest part, hold down the sleep / wake button for about 3 seconds and just before the Slide To Power Off window appears tap the Emergency Call Button (while still keep your finger on the sleep / wake button).
- Keep holding the sleep / wake button and you have gained access to the phone app and if plugged in via USB all personal information.
The Following User Says Thank You to Nick Hesson For This Useful Post:
02-25-2013, 08:28 PM #2
Sooooo you just gave everyone a tutorial on how to access someone's iPhone?
Regardless. Probably better if it weren't there
02-25-2013, 08:49 PM #3
02-25-2013, 09:21 PM #4
Who in hell had time to figure out that $yht??? LMAO my god someone had to much time on there hands to figure that out!!
02-25-2013, 09:28 PM #5
02-25-2013, 09:30 PM #6
Stupid. Calling 911 and hanging up gets a cop at your door to make sure you are ok. Speaking as a former dispatcher I can locate the exact house you are in.
02-25-2013, 09:50 PM #7
I wouldn't even know what to do if I had someone's SSN.
02-25-2013, 09:53 PM #8
02-25-2013, 10:01 PM #9
In doing this, you cancel the call before it actually sends the call so there is no call to 911 that can be traced... Also, I doubt that anyone sat around trying combinations long enough to find something that would work like this. Most exploits found in an operating system have corresponding input commands that replicate the vulnerability on the device... Unless I've just been imagining things.
02-25-2013, 10:04 PM #10
02-25-2013, 10:13 PM #11
02-25-2013, 10:14 PM #12
02-25-2013, 10:22 PM #13
Anyone with a jailbroken iPhone can install 'disableEmergency' from the cydia store. It's free and allows you to disable the emergency dial function from the iphone. In an emergency you could technically still use siri. This technically should protect you from this vulnerability.
Last edited by drgonz0; 02-25-2013 at 10:25 PM.
02-25-2013, 10:37 PM #14
It's almost too perfect for Apple - they waited to fix this bug until they could also patch the jailbreak, thus making many users consider the update.
Regardless, if Apple ever wants to add RFID "virtual wallet" payments to the iPhone, they'll have to make the lockscreen far more secure.
This bug probably isn't in my iPod Touch - there's no phone!
02-25-2013, 11:09 PM #15
im still on 6.1 been to lazy to update but thanks for this info i installed disableemergency so no more worries now all they need to do is make a way to diable dfu mode so if anyone steals the iPhone its useless unless u know the password
02-25-2013, 11:55 PM #16
02-26-2013, 12:20 AM #17
I dont think theres a way to disable DFU mode.
02-26-2013, 01:17 AM #18
My phone is either in my pocket, in my/my kid's hand or on my desk (work & home) pretty much all the time. I don't even run a passcode.
And I'd like to think if I lost my phone it might be returned by someone accessing my contacts and calling an obvious number like "me (work)" or "Mum" or something. If it's locked, whoever finds it can't do that.
02-26-2013, 02:28 AM #19
02-26-2013, 02:47 AM #20
If you lose your iPhone in a public area,you can kiss that phone goodbye because I highly doubt the person who finds it and takes it will return it to you. It's messed, but that's how it is now.