Wednesday, March 20, 2013

Passcode bypass bug discovered for iOS 6.1.3 on non-Siri devices

Passcode bypass bug discovered for iOS 6.1.3 on non-Siri devices

Apple recently released iOS 6.1.3 which included a fix for the passcode bypass bug that would allow an unauthorized person to access the Phone app on a locked iPhone. One day after the update, however, Matthew Panzarino of The Next Web is reporting that a new bypass bug has been discovered, this time by videosdebarraquito. But you may not need to be too worried about this one.

The passcode bypass in the previous versions of iOS 6 required a series of well-timed taps and button presses. The result was full access to the Phone app on a locked device without entering the passcode. This new bug (not quite new, it seems to have existed prior to iOS 6.1.3) requires a sequence that?s a little easier to execute as can be seen in this video. For some reason, this bypass doesn?t seem to affect Siri-capable devices.

The iPhone 3GS and iPhone 4 are susceptible to the bypass which is achieved using the Voice Dial feature. By holding the Home button on a device for a few seconds, the Voice Dial feature will come up. Issue a dial command such as ?Dial 303-555-1212?, then as the call is being initiated, eject the SIM card. The iPhone detects the SIM has been removed, cancels the call, and displays an alert saying there is no SIM. Behind the alert you will see the Phone app and after dismissing the alert, you will have full access to the Phone app. As before this means you can access contact information as well as all photos on the device.

On the iPhone 4S and 5, performing this bypass will sometimes expose your Phone app?s Contacts list for a brief second, before the screen quickly turns black. However, causing this to happen on a 4S or 5 would require Siri to be disabled and Voice Dial to be enabled. And having Voice Dial enabled in this situation, you already leave your contact information exposed to a certain extent.

Since the full bypass does not work on the iPhone 4S or iPhone 5, the number of users vulnerable to this exploit is much smaller than the previous bypass. Unlike the previous bug, this bypass can also easily be prevented by disabling Voice Dial. This can be done in the iPhone?s Settings app, under General > Passcode Lock, by turning the Voice Dial switch to off. With the way Apple has been handling these so far, it would not be surprising to see this fixed in a 6.1.4 update.

Source: videosdebarraquito via The Next Web



Source: http://feedproxy.google.com/~r/TheIphoneBlog/~3/RSytPmF0PPU/story01.htm

2012 royal rumble the grey machine gun kelly saul alinsky annapolis wwe royal rumble trisomy

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.