Most early Apple iPhone5 might remember the lock screen bug, which drove a number of users nuts before Apple introduced a permanent fix. Only two days after Apple released the new “iPhone iOS 6.1.3 a new lock screen bug was discovered and allowed unauthorized users to bypass the four-digit PIN code on iPhones and iPads, essentially a new password bypass vulnerability.
The discovery could give an attacker access to private information. But the vulnerability is different from the passcode bug(s) addressed on Tuesday’s iOS update. Nonetheless, the end result is similar: hackers could access the iPhone’s contact list and photos.
The new lock screen bug was first documented by YouTube user videosdebarraquito, who bypassed it using nothing but a paperclip and posted a video demoing the fix procedure. The basic gist, seen in the video below, is to eject the iPhone’s SIM card while using the built-in voice controls to make a phone call. He makes a comment of ‘Sorry, iOS 6.1.3 has a new security flaw, but can be avoided easily. You should disable the “Voice Dial” option if you want to be safe’.
To bypass the iPhone passcode lock on iOS 6.1.3.
There are a couple important things to keep in mind. For one, it appears this bug applies to most modern iPhones, though apparently the procedure isn’t as easy as it looks. The YouTube video shows the hack being executed on an iPhone 4, and iphone in canada was able to replicate it on an iPhone 4. “The Next Web” was able to replicate it on an iPhone 4S but not an iPhone 5. But the iPhone 5 didn’t get away scot free, as German language site “iPhone blog.de” appears to have been able to replicate the bug on that version of the iPhone. We have not yet seen a confirmed case of the bug existing on the iPhone 3GS, though it’s probably safe to assume that it does.
The bug doesn’t look to be related to Siri—rather, it’s related to Apple’s older Voice Control feature. If you have Siri turned on for lock screen functionality (which can be found in Settings > General > Passcode lock), the above procedure doesn’t appear to work, so far, that is. From here, the phone application remains open, allowing access to recent call logs, contacts, and voicemail (if it isn’t protected by a separate PIN code). But also from here, photos and video can also be accessed by creating a new contact. When a new contact is created, it opens up access to the photos application — including Camera Roll and Photo Stream.
As soon as the screen turns off, the device locks again, but this can be bypassed with the SIM card tray removal trick.
Upon close examination of the screen recording we took, it appears that when Voice Control is used, it loads up the phone application in the background, which as it begins to call immediately it places this in ‘background’ mode. When the call begins, for a split-second the phone application displays as it transitions away, only to be replaced by the lock screen once the call is ended.
Removing the SIM card seems to ‘confuse’ the device, resulting in a pop-up display warning that the SIM card has been removed. This stalls the transition and keeps it in active play.
For now, disabling the feature on devices running iOS 6.1.3 appears to fix this bug.