iOS 6.1.3 security flaw allows passcode lock bypass... again [VIDEO]

iOS 6.1.3 has only just been released by Apple, and already a security hole has been found - allowing anyone to bypass the passcode lock on iPhones, and access private data on the device.

Embarrassingly for the Cupertino company, one of the main reasons for installing iOS 6.1.3 was that it promised to fix other security flaws that allowed the lock screen to be bypassed.

The flaw was found by "videosdebarraquito", who seems to be making a hobby of embarrassing Apple by uncovering lock bypass flaws. In a video he demonstrates that it's not particularly complicated to avoid the iOS 6.1.3 passcode lock if you have physical access to the device and a widget for removing the SIM card.

Here is videosdebarraquito's video, where he demonstrates how the passcode can be bypassed:

It appears that circumventing the passcode lock can allow an unauthorised party to access the device's photo gallery and use the phone.

The good news is that this security flaw can be easily prevented. The passcode bypass relies upon use of the "Voice Dial" feature of iPhones, which is disabled on devices using Apple's Siri voice recognition feature.

If you *aren't* using Siri, then the recommendation is to disable "Voice Dial". If you do that, your device shouldn't be prone to this passcode bypass.

Disable the Voice Dial option

You can disable "Voice Dial" on your iPhone by going to Settings / General / Passcode Lock. (Note that if you have Siri enabled you won't see an option for "Voice Dial" there, as it has been automatically disabled).

Easy as it is to avoid this flaw putting your iDevice at risk, it's still embarrassing for Apple as it comes so soon after other passcode lock bypasses were publicised.

Let's hope that Apple fixes this flaw soon, and shuts a permanent door on passcode lock bypasses.

9 Responses to iOS 6.1.3 security flaw allows passcode lock bypass... again [VIDEO]

  1. Jake Steeley · 498 days ago

    I wonder why apple.com doesn't post anything about this on their website and/or if this is indeed a security flaw, can I return my iPhone and get a refund?

  2. Roel · 498 days ago

    Isn't that the exact same video as the 6.1.2 bug? What was fixed if the bug is still there?

  3. Guse · 498 days ago

    It's not exactly complicated, true, but not exactly easy either. I'd dare say that the benefit of voice dialing far outweighs the risks of this particular hack.

    I suppose if you're not using voice dialing, you're just back to the old adage: "if you don't need it, disable it." It's not something I'm going to warn friends and family about, though...

  4. Ted Treen · 498 days ago

    Perform the most unlikely acts simultaneously, strangle a rubber chicken, sacrifice a virgin**, speak Satan's name three times backwards and you can bypass the security on iPhone/Galaxy/Whatever.

    I have serious concerns about the mental well-being of those who not only discover such arcane procedures, but who spend time experimenting to find what sequences of odd behaviour might produce a result.

    Unless the phone manufacturers start employing idiot-savants to test their new editions of each OS, it's impossible to guard against, as almost any normal, rational, well-balanced being wouldn't even be able to conceive of some of these "action chains".

    **Good luck in finding one...

  5. Samsung Galaxy has a bug very similar and potentially more devastating because it allows complete access to the entire system.

    There are so many vulnerabilities in the Galaxy family and almost anything covered here.

    Here's a tip: http://threatpost.com/en_us/blogs/vulnerabilities...

  6. ikram · 497 days ago

    How do you know he did that bypass on iOS version 6.1.3? He might have done it on an older version. Don't believe anything you see.

  7. Jaimy · 497 days ago

    I'm assuming this would only apply to iPhones with SIM cards. So probably my iPhone 4 on Verizon isn't affected (no SIM to remove).

  8. Onward · 309 days ago

    This one just saved my wife. At least she can now manually copy all her contacts out before doing a factory reset. So while my mind boggles as to how this was discovered, I am glad that it was.

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.