Simple Method Allows iPhone Passcode Lock To Be Bypassed
According to ZDNet, the feature which lets users set a four-digit pincode to limit access to the device, can be easily bypassed with a few finger taps on the iPhone to give an intruder access to sensitive information.
Here are the steps to exploit this vulnerability (requires physical access to a passcode-protected device) to access the phone, e-mail and SMS messages, Google Maps and the full Safari browser:
Set up a passcode lock (Settings > General > Passcode Lock and enter a 4-digit passcode. iPhone then requires you to enter the passcode to unlock it).
Set up contacts in address book with e-mail address, phone numbers and Web sites.
Turn off/on iPhone and move slider to get to “Enter Passcode” screen.
Tap “Emergency Call” button (buttom left).
Double tap home button.
This pulls up all contacts in the Favorites list.
Tap on the blue arrow next to contact’s name to get full access to e-mail, SMS, Safari, etc.
This particular vulnerability was fixed by Apple for iPhone v1.1.3 and iPod touch v1.1.3 back in January this year, but the issue affects iPhone and iPod Touch 2.0, which means the January fix never made it into the newer versions of the software.
As a workaround, users should remove all Favorites until Apple ships a proper fix. Another method would be setting your home button “Settings->General->Home Button” to “Home”.
More on CyberInsecure:
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.