Vulnerability Lab CEO Benjamin Kunz Mejri (via Ars Technica) has today shown another way to get around the already flawed passcode lock. He outlined the vulnerability as possibly a more serious flaw than the first report highlighted.
Although it seems to be similar to what we have already seen and what Apple is reported to be aware of, the new bug is slightly different. Both start out in a similar way: users need to initiate of the Emergency Call function and then put the device on standby.
The difference between the first exploit and this one is that in the case of the new one the hacker can make the iPhone screen go black and plug the device into a computer using the USB cable. This gives access to the user’s data without even the need to know the owner’s passcode.
“The vulnerability is located in the main login module of the mobile iOS device (iPhone or iPad) when processing to use the screenshot function in combination with the emergency call and power (standby) button. The vulnerability allows the local attacker to bypass the code lock in iTunes and via USB when a black screen bug occurs,” Mejri wrote. “The vulnerability can be exploited by local attackers with physical device access without privileged iOS account or required user interaction. Successful exploitation of the vulnerability results in unauthorized device access and information disclosure.”
As we previously pointed out when the first lockscreen flaw hit the blogosphere, Apple replied by acknowledging the issue. While everybody expected the company to patch the security issue with iOS 6.1.2, Apple fixed only the Exchange bug, and released iOS 6.1.3 beta 2 a couple days later containing the fix for the first exploit of the passcode security. The public version of the software update will likely be released in the near future.