ID: IRCNE2013031791
Date: 2013-03-22
According to "zdnet", only two days after Apple released a lock screen fix that allowed unauthorized users to bypass the four-digit PIN code on iPhones and iPads, a new password bypass vulnerability has been discovered.
YouTube user videosdebarraquito was able to bypass the lock screen on an iPhone 4 using nothing more than a paperclip. By locking the device and enabling the Voice Control feature, it is possible to circumvent the lock screen by ejecting the SIM card from its tray at the moment the device starts dialing.
From here, the phone application remains open, allowing access to recent call logs, contacts, and voicemail (if it isn't protected by a separate PIN code). But also from here, photos and video can also be accessed by creating a new contact.
As soon as the screen turns off, the device locks again, but this can be bypassed with the SIM card tray removal trick.
At ZDNet HQ in New York, we were able to reproduce this bug on an iPhone 4. It also appears this affects iPhone 4S and iPhone 5 users (German) with Siri disabled, as this re-enables Voice Control.
In Settings, tap General, then Passcode Lock. From here, disable Voice Dial on older versions of iPhones, or enable Siri (as this replaces Voice Control) if you have an iPhone 4S or older.
- 3