Latest iPhone Security Update Already Beaten
That's two in one month for Apple.
Security compromisers may not be the most beloved demographic on the Web, but they're nothing if not industrious.
Apple's latest iOS update, 6.1.3, has been out for less than two days, but one trickster has already infiltrated the update. Using only a paperclip and some simple settings tweaks, a user called "videosdebarraquito" has discovered a way of bypassing the passcode lock screen.
The trick is obscure, and probably required a lot of trial and error to discover, but it's simple enough to pull off. The iPhone has a feature called "Voice Dial," which has been mostly superseded by Apple's Siri functionality. However, the option still exists, and if it's turned on, your phone is open to an easy hijack.
By holding down "Home" before entering a passcode, you can activate voice dial. By requesting to dial a bogus number (such as "123") while using a paperclip to eject the phone's SIM card, you can force the phone back to its normal dial screen. In addition to giving users a telephonic keypad, this also gives access to the Contacts menu.
Those of you who like toying around in your Contacts know what comes next: Since it's possible to program Contacts with individualized photos, accessing the Contacts menu also grants access to a user's Photo galleries and Videos.
The vulnerability is not as bad as it could be, since it requires direct control over a user's iPhone, and does not appear to grant access to every facet of the OS. A hacker could access private media, but not banking apps or billing information. [See also: 10 Pros and Cons of Jailbreaking Your iPhone or iPad]
An enterprising hacker could probably make the jump from photos to the full app suite, but now that this vulnerability has become very visible, Apple will probably repair it soon. The online community has been quick to point out the irony of 6.1.3, which was supposed to prevent passcode lock bypasses, being compromised so quickly.
If you have Siri activated, Voice Dial is deactivated by default, and you are already protected from this passcode bypass. If not, a quick trip to Settings > General > Passcode Lock will clear up the issue. Now, it will be instructive to see how long Apple waits before releasing iOS version 6.1.4.