Apple iOS and the history of a workin’ lockscreen… NOT

Once again, a vulnerability in Apple's mobile operating system iOS has been found by some guys of the Jailbreak Nation. The newest version of the operating system suffers from a weakness that makes it possible to bypass the lockscreen of all iPhones that run iOS version 6.1. It does not matter whether a PIN or a password is used to unlock the phone. After successful exploitation an attacker is able to see and edit contact information, add new contacts to the phonebook, view all pictures, call the inbox or any of the contacts, and see and delete the list of recent calls or parts of it.

All you need to bypass the lockscreen is patience. The steps to do this are described here:

  1. First we press the unlock button and slide the bar to the right so the PIN/password prompt appears.
  2. Now we tap the emergency button to see the keypad.
  3. Next we push and hold the unlock button until the “power off”-slidebar appears.
  4. We don’t want to shut the phone down, so we tap cancel.
  5. Now we call any emergency number (e.g. 112) and cancel the call instantly (caution: make sure the call was cancelled before continuing 😉 ).
  6. Press the unlock button twice to lock and unlock the phone and slide the bar away to see the PIN/password prompt again.
  7. You may already have wondered why I said something about patience. Here we go: we have to hold the unlock button for three seconds. At the very moment shortly before the “power off” slidebar appears, we tap the emergency button again. If it works, we see the “last recent calls” list. The next step must follow immediately after the list appears: we need to push the home button and release it together with the unlock button.

I captured a short video where you can see how it works. It can be seen here.

This is at least the third time that Apple's iOS has suffered from a flaw that makes it possible to bypass the screenlock. The first two flaws are described here and here.

Incidents like these have to be taken into account when performing a risk assessment for corporate use of smartphones…

Happy hacking 😉
