Researchers are having a fun time with iOS 6.1 passcode locks this month, with Vulnerability Lab having discovered a second version of a vulnerability that lets a hacker slip past a lock screen to access a user’s contact list, voicemails and more.

The first vulnerability, which popped up on YouTube earlier in the month, entailed this laundry list of steps, brought to us courtesy of Naked Security’s Paul Ducklin:

- You need physical access to the device.
- You need manual dexterity or a fair bit of practice.
- You only get access to some of the data.
- You have to place a phony emergency call as part of the process.

Both attacks require using the Emergency Call function in addition to the lock/sleep button and the screenshot feature.

The most recent vulnerability, described in a post on the Full Disclosure mailing list late last week by Benjamin Kunz Mejri – founder and CEO of Vulnerability Lab – and spotted by Threatpost’s Christopher Brook, adds on to the earlier exploit.

When placing the emergency call, an attacker could cancel the call while holding the lock/sleep button in order to access data on the phone.

In this second version of the exploit, a hacker can also make the iPhone screen go black, thereby allowing him or her to plug the phone into a computer via USB and grab data off the device without a PIN or passcode credentials.

Here’s Mejri’s description of the bug, from his Full Disclosure post:

A code lock bypass vulnerability via iOS as glitch is detected in the official Apple iOS v6.1 (10B143) for iPad & iPhone. The vulnerability allows an attacker with physical access to bypass via a glitch in the iOS kernel the main device code lock (auth). The vulnerability is located in the main login module of the mobile iOS device (iPhone or iPad) when processing to use the screenshot function in combination with the emergency call and power (standby) button. The vulnerability allows the local attacker to bypass the code lock in iTunes and via USB when a black screen bug occurs. The vulnerability can be exploited by local attackers with physical device access without privileged iOS account or required user interaction.