Apple's last few iOS releases have left a bitter taste for iOS device users. After the release of iOS 6.1.2, we expected Apple to have finally resolved the security issues that haunted iOS 6.1. Unfortunately, our hopes were dashed: Apple has still been unable to fix the 3G connectivity and Exchange Calendar bugs in iOS 6.
It seems that hackers have been able to bypass iOS's passcode lock once again. Benjamin Kunz Mejri, founder and CEO of Vulnerability Lab, has described the two exploits in full, effectively giving a step-by-step tutorial on how they work.
Vulnerability Lab's Benjamin Kunz Mejri posts:
A code lock bypass vulnerability via an iOS glitch is detected in the official Apple iOS v6.1 (10B143) for iPad & iPhone. The vulnerability allows an attacker with physical access to bypass, via a glitch in the iOS kernel, the main device code lock (auth). The vulnerability is located in the main login module of the mobile iOS device (iPhone or iPad) when processing the screenshot function in combination with the emergency call and power (standby) button. The vulnerability allows the local attacker to bypass the code lock in iTunes and via USB when a black screen bug occurs. The vulnerability can be exploited by local attackers with physical device access without a privileged iOS account or required user interaction. Successful exploitation of the vulnerability results in unauthorized device access and information disclosure.
Both exploits rely on the Emergency Call feature, the lock/sleep button and the screenshot feature. Together these allow the passcode needed to access information on an iDevice to be bypassed.
In the first exploit, the attacker places an emergency call, cancels it while holding the lock/sleep button, and that's it: the iDevice can be accessed without the passcode.
In the second exploit, the attacker needs to make the iPhone screen go black, then plug the iDevice into a computer via USB and access the phone without the PIN or passcode.
The security of an iPhone, iPad or iPod can be bypassed by following the steps given below:
1. Make sure the code lock is activated.
2. Switch your device on by pressing the power button (top right).
3. The iDevice will come to life and the passcode lock will be visible on the screen.
4. Click on the Emergency Call.
5. Dial any random Emergency number such as 911 and hit call.
6. Disconnect the call immediately, before the network connects to the dialled number.
7. Press power button and then the home button on your device.
8. Now hold the power button for three seconds, then immediately press the home button and the emergency call button at the same time (without lifting your finger from the power button).
9. Take your finger off the home button first and then off the power button.
10. The iDevice's screen, at this moment, will be black.
11. Connect your iDevice to your computer with a USB cable while it is in this state.
12. You will now have access to all files available in the system.
However, this method has its limitations, and we ask our readers to attempt the above only at their own risk and for their own knowledge.
If you have lost your iPhone, iPod or iPad, we would advise you to use the remote wipe feature to erase all your personal data from the iDevice before it gets into the wrong hands.
This article has been written by Dr. Sindhia Javed Junejo. She is one of the core members of RHA team.
At RHA Infosec we provide different types of security testing, from small business sites to corporate sites. See our complete list of services to learn more.