Friday, February 15, 2013

Clever button mashing hack sidesteps iOS 6.1 lock screen

A security flaw has been found in iOS 6.1, one which piles on the already reported bugs in that version of Apple's mobile platform. The report first appeared on Thursday, spoiling Apple's Valentine's Day.

The method, as detailed by YouTube user videosdebarraquito, involves making (and immediately canceling) an emergency call and then holding down the power button twice. It doesn't seem to be all that easy to reproduce, though, as a number of commenters said all they received was a black screen.

On the other hand, the report did say the writers were able to break into two U.K. iPhone 5s running iOS 6.1 (the recently released iOS 6.1.1 was iPhone 4S only and was pushed out to fix a 3G bug). If you can get the exploit to work, you can view and modify contacts, listen to voicemail, browse your photos (by attempting to add a photo to the aforementioned contact list). At this point it appears that email and Web access is not allowed, but there's always a chance someone will figure a way out.

We'd have to ask how videosdebarraquito figured out the hack; he either had a lot of spare time or got lucky -- or unlucky.

This isn't the first time this has happened; a very similar bug affected iOS 4.1 back in late October of 2010. The security issue was fixed in iOS 4.2.

Apple has not publicly acknowledged the bug yet.

No comments: