A security flaw recently discovered in iOS 6.1 lets anyone bypass your iPhone password lock and access some of your data after following a series of steps. The method is detailed in the YouTube video below and involves making and immediately canceling an emergency call, holding down the power button a couple of times during the process, and pushing the home button after getting into the phone’s contact list.
Once the lock is bypassed you won’t actually have full access to every app on the phone but it’s still possible to snoop around local device data. Particularly, users will be limited to the Phone app, and from there it’s possible to browse contact information, make calls, check voicemails, and look through photos (by attempting to add a photo to a contact). You can even send emails and texts through the sharing-a-contact feature.
Exactly how someone came up with such a combination of button holding and tapping is beyond me, but I was able to verify the method on an iPhone 4 running iOS 6.1 and it works. No word on whether iPads and iPods are vulnerable too but it seems unlikely since the process involves making an emergency call.
This isn't the first time a lock screen vulnerability in iOS has become public. A very similar bug affected iOS 4.1 back in 2010 and was fixed in iOS 4.2. The company hasn’t commented on the latest loophole yet.
Here are the detailed steps:
- Lock device.
- Slide to unlock.
- Tap emergency call and type in your emergency number (911, 112, ...).
- Tap the call button and immediately cancel the call.
- Lock device again with the sleep button and then turn it on using the home button.
- Slide to unlock.
- While on the lock screen hold the sleep button for three seconds and quickly tap emergency call before the switch off slider shows up. This will cause your phone’s screen to flicker and then show the phone app.
Update: Apple has issued a statement saying it plans to fix the exploit in a future software update. The company did not offer a timeline of when such an update would arrive.