iOS 6.1.3 Found to Have Yet Another Lock Screen Passcode Bypass Glitch

[Anthony Bouchard]

iOS 6.1.3 was released yesterday to address numerous security holes, as well as improve the Maps application in Japan, and fix a lock screen vulnerability that could allow a user to bypass the lock screen passcode.

Now it seems that the new iOS 6.1.3 release has just introduced yet another lock screen vulnerability allowing the user to bypass the lock screen passcode and have access to the victim's contacts, photos, call history, and more. The glitch involves using a tool to eject the SIM card, such as a SIM eject tool or paperclip, and using the voice dial feature:



For a mobile-friendly video link that works with our app, tap on the video link below:

Video Link

As soon as you eject the SIM card when the phone call is about to go through via voice dial, the iPhone won’t know what to do and the screen will go straight to the Phone application. From here, the victim’s personal information is freely available for viewing by the user.

As the video explains, disabling the voice dial feature from the Settings application can keep you protected from this glitch; alternatively, you can watch your iPhone like a hawk and make sure no one ever gets the chance to touch your iPhone except for you, but the former is definitely the most efficient way to keep yourself protected.

Apart from patching exploits used in the evasi0n iOS 6 untethered jailbreak, the additional lock screen vulnerability that came with a firmware update meant to fix another lock screen vulnerability is just yet another reason not to bother updating to the latest firmware.

Sources: YouTube via iClarified

[IChi1d]

Heh.

[novadam]

how do people figure this stuff out?

[Perceptum]

how do people figure this stuff out?

I have no bloody clue!

[rvance]

how do people figure this stuff out?

+1 yes, please explain!!

[slim.jim]

I never have voice dial enabled on the lock screen anyways.

[2k1]

how do people figure this stuff out?

Same thing how they jailbreak phones. Time and alot of smarts lol

[slim.jim]

Same thing how they jailbreak phones. Time and alot of smarts lol

I think this is a lot more time than smarts. Jailbreaking requires developer knowledge and this is trial and error.

[MPS3]

^^^ this is what happens when you got more time then you know what to do with

[tridley68]

Heh.

Crap i just updated all my work stuff yesterday .

[nealh]

Just remember though Apple is more safe with their firmware and jailbreaking is bad. The reason it's bad is because it causes security problems. Laughing my *** off

[jamesgunaca]

Hope we didn't just burn another exploit by pointing this out...but other than that seems like NBD.

[littlelisa63]

Typical apple to fix a vulnerability and release a new one anything to spoil the jailbreak...bas****s

[Norb]

...and in other news, people have too much time.

[feidhlim1986]

Wasn't Schiller blabbering on about security recently...

[GenesisDH]

It seems it only works if Voice Control is enabled and Siri is not...
So really it's not a usable exploit for anything above a 4, as Siri takes over in the cases of the 4S/5 and related iOS devices.

[Reymago23]

Apple cant get it right!
what a pity!

[ecd5000]

how do people figure this stuff out?

My thoughts exactly

[slim.jim]

It seems it only works if Voice Control is enabled and Siri is not...
So really it's not a usable exploit for anything above a 4, as Siri takes over in the cases of the 4S/5 and related iOS devices.

You also have to know a contacts name, while that might not be hard to figure out.

[ThatOneProfile]

how do people figure this stuff out?

The same way Jailbreaks are made? Looking for vulns.