A security flaw on iOS has surfaced that allows anyone to bypass an iPhone user’s passcode and gain access to all their contacts and photos. The bug is claimed to be present in previous versions of iOS as well, but is now getting attention once again after Apple’s most recent update.
Videos on YouTube are now circulating detailing the process, and it appears that it only takes 6 steps to accomplish. However, several attempts may be required because of the timing involved in doing it. Here are the steps:
1. Lock device
2. Slide to unlock
3. Tap emergency call
4. Hold sleep button until the power down prompt shows. Click cancel; you will notice the status bar turn blue. Type in 911 or your emergency number and click call, then cancel it asap so the call doesn’t go through.
5. Lock your device with the sleep button then turn it on using the home button.
6. Slide to unlock then hold the sleep button and in 3 seconds tap emergency call. This will spazz out the phone and cause it to open.
[Make sure to continuously hold the sleep button until you are done looking in the phone]
Many sites are mentioning that this process gives access to your contacts and photos, but due to all the contextual actions possible through the phone app on iOS, many more things are possible depending on the data contained within the app.
Apple issued this statement to AllThingsD:
“Apple takes user security very seriously. We are aware of this issue, and will deliver a fix in a future software update.”
So for all you iPhone users out there, until Apple issues a fix for this, do not forget that your phone’s data could be potentially accessed if someone with malicious intent gains access to your phone and is aware of this exploit, even if you have a passcode. Some people are adding that if you turn off the “simple passcode” option, the technique no longer works, so that would be a good option while waiting for a fix.
Update: According to a report on German site iFun, iOS 6.1.2 is due before February 20 and will address the battery-draining Exchange bug as well as this passcode bypass flaw.