iPhone hack: Your iPhone's not as locked as you think

Do you lock the front door but leave the windows open? A new hack shows how iPhones are vulnerable, even when locked.

Samrang Pring / Reuters
A man uses his iPhone to film a Cambodian festival, Feb. 25. A new hack, the second in a month, allows a user to bypass the PIN of a locked iPhone.

A glitch in Apple's iOS 6.1 operating system makes it possible to access an iPhone's sensitive data, including contacts and photos, without entering the correct passcode, or personal identification number (PIN).

The security flaw, the second PIN bypass that security researchers have found this month, takes a bit of tricky button-pushing in a specific order. But once done successfully, it allows an intruder to download the phone's data over USB to a computer that would have otherwise been locked out.

The security hole was disclosed in full detail by Vulnerability Lab CEO Benjamin Mejri on Seclists.org, where he explained how to get around an important security feature that millions of Apple customers rely on every day. The hack involves simply manipulating the button-press sequence for the screenshot and emergency-call functions.

If the exploit is performed successfully, Mejri explained, the device will go into "black screen mode," showing a dark blank screen. Once the device is connected to a computer, the intruder has direct access to the compromised device's hard drive. A video Mejri produced shows the procedure all the way through to success.

TechNewsDaily was able to reproduce the "black screen mode" portion of the hack on an iPhone 5 by following Mejri's instructions but could not access the phone's hard drive once it was connected to a computer.

Earlier this month, a YouTube video surfaced showing a simpler iPhone hack that allowed unauthorized access to a phone's contacts and photos by making an emergency call and pushing the power button twice.

Apple released an operating system update, iOS 6.1.2, earlier this week, but it did not address this particular issue; it instead fixed bugs related to the calendar app and battery life. Apple had told tech blog AllThingsD that a security fix would be coming in a future update.

Devices can be hacked in this manner only if an attacker has physical access to the device. So it's best to follow that advice you hear from the train conductor or read on signs in the bus: Keep your valuables close to you at all times.
