Modernizing Authentication — What It Takes to Transform Secure Access
Vulnerability Lab researchers recently uncovered a new flaw in iOS 6.1 that leverages a technique similar to a recently-disclosed method of bypassing an iPhone's lock screen. A YouTube video uploaded by Vulnerability Lab demonstrates the flaw in detail.
"The latest exploit, which uses a similar method as the earlier hack, allows an attacker to bypass the iPhone’s passcode security and plug the device into a computer to access the handset’s internal data," writes BGR's Dan Graziano.
"The two start out in a similar way -- by following a set of steps that utilizes the Emergency Call function in addition to the lock/sleep button and the screenshot feature," writes Ars Technica's Jacqui Cheng. "When making an emergency call, an attacker could cancel the call while holding the lock/sleep button in order to access data on the phone."
"It's the second bypass -- which can be achieved by holding down the power button, the screenshot button and the emergency button -- that’s interesting, as it makes the phone’s screen, minus the top bar, go black," writes Threatpost's Christopher Brook. "From there it can be plugged into a computer and the information can be harvested via iTunes from the phone’s hard drive with read/write access. In the accompanying video, the phone’s images and address book can be viewed on a PC without the user having to enter the phone’s passcode thanks to iTunes’ iPhone sync function."