Exploit allows contacts, photos access on a locked iPhone 5

There's a way to gain access to a lot of private data on an iPhone 5 running iOS 6.1

There's a way to gain access to a lot of private data on an iPhone 5 running iOS 6.1, even when that phone is locked with a passcode. Reports about the exploit began circulating early Thursday, though the YouTube video with the method was actually posted at the end of January.

The hack requires a series of seemingly disconnected steps, and takes practice to pull off. Obviously, you're only at risk if your locked iPhone ends up in the hands of someone with knowledge of the trick. Once you use the method to bypass an iPhone's passcode, you gain access to the locked phone's contacts, voicemails, and photos.

To break past the passcode, you:

1. Slide to unlock the iPhone, and tap the Emergency Call button.

2. Press and hold the sleep/wake button until the Slide to Power Off screen appears, and then tap Cancel.

3. Dial an emergency number like 112, press the green button, and then immediately press Cancel.

4. Lock the iPhone with the sleep/wake button.

5. Wake up the phone again, and slide to get to the passcode screen again.

6. Press and hold the sleep/wake button for three seconds, and press the Emergency Call button just before the Slide to Power Off screen appears. Immediately press the Home button, and then release both buttons.

If it works--it took me several tries to get it right--you'll instantly find yourself staring at the locked iPhone's contacts. You can browse their data, edit them, or place calls. And by tapping to add a photo to a contact, you can browse through all the saved photos on the iPhone.

Apple spokesperson Trudy Muller told Macworld, "Apple takes user security very seriously. We are aware of this issue, and will deliver a fix in a future software update." This isn't the first time the iPhone's passcode has been broken, and Apple released a patch soon after that similar exploit gained attention, too.

Tags Appleconsumer electronicssecurityiPhonesmartphonesExploits / vulnerabilities

Comments

Comments are now closed

CSO Corporate Partners
  • f5
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Security Solutions-GigaVUE-420

In partnership, Newgen provides innovative network monitoring and security solutions based upon Gigamon’s GigaVUE-420 systems.

Security Awareness Tip
Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.