The iOS 6.1 lockscreen hack from earlier this month isn’t the only security vulnerability in Apple’s latest mobile OS.
Benjamin Kunz Mejri, the chief executive of the security firm Vulnerability Lab, detailed yet another iOS 6.1 hack last week on the Full Disclosure mailing list. The hack enables attackers to bypass your iPhone’s lockscreen password, giving them access to your phone’s contacts, photos, voicemails, and more.
Judging from Mejri’s description, the new hack seems related to the earlier iOS 6.1 lockscreen exploit. Both involve using the iPhone’s emergency call function, cancelling it immediately, and then trying to make a screenshot. But the newer attack takes advantage of a slightly different method to make the iPhone vulnerable (basically, pressing the power, home, and emergency call buttons all at once).
Apple acknowledged the previous iOS 6.1 security flaw and quickly issued a fix to developers with the second iOS 6.1.3 beta. That update hasn’t yet trickled down to iPhone owners, and it’s unclear if it also fixes Mejri’s exploit.
Here’s how Mejri describes the exploit in his e-mail to Full Disclosure:
The vulnerability is located in the main login module of the mobile iOS device (iPhone or iPad) when processing to use the screenshot function in combination with the emergency call and power (standby) button. The vulnerability allows the local attacker to bypass the code lock in iTunes and via USB when a black screen bug occurs.
The vulnerability can be exploited by local attackers with physical device access without privileged iOS account or required user interaction. Successful exploitation of the vulnerability results in unauthorized device access and information disclosure.
Check out a video of the exploit below: