One More iPhone Bug Found

Tuesday, February 26, 2013 @ 02:02 PM gHale

There is an issue in Apple’s iPhone iOS kernel that has another passcode bypass vulnerability, the second to surface this month.

With the bug, attackers could gain access to users’ photos, contacts and more by following a series of steps on an iPhone running iOS 6.1.

Developer Site Zero Day Attack Source
Apple Working on Fix to Update
Apple Updates iOS
App on iPhone Insecure

Benjamin Kunz Mejri, founder and chief executive of Vulnerability Lab detailed the vulnerability in a post on the Full Disclosure mailing list last week.

Similar to the iPhone’s passcode vulnerability, the exploit involves manipulating the phone’s screenshot function, its emergency call function and its power button. Users can make an emergency call (911 for example) on the phone and then cancel it while toggling the power on and off to get temporary access to the phone.

A video posted by the group showed a user flipping through the phone’s voicemail list and contacts list while holding down the power button. From there an attacker could get the phone’s screen to turn black before it can connect to a computer via a USB cord. The device’s photos, contacts and more “will be available directly from the device hard drive without the pin to access,” according to the advisory.

The first half of the exploit borrows heavily from last week’s vulnerability – and the Lab notes this in the caption of the video that documents its proof of concept (“already release by other researcher”).

This is the second bypass that can occur by holding down the power button, the screenshot button and the emergency button. From there the phone can plug into a computer and an attacker can cull the information via iTunes from the phone’s hard drive with read/write access.

Apple updated iOS 6.1 to 6.1.2 earlier this week but failed to address the recent passcode bug.

Leave a Reply

You must be logged in to post a comment.