Quantcast

Confirmed: iOS 6.1.3 Has Another Passcode Security Flaw [Update]

iOS 6.1.3 was pushed out just the other day to fix two lockscreen flaws discovered in iOS 6.1. The good news is that the software update is indeed a fix for earlier bugs, but iOS 6.1.3 remains vulnerable to another passcode lock flaw that involves using Voice dial on the iPhone 4.

ios-613-passcode-flaw

YouTube user videosdebarraquito (via iPhoneclub.nl) has posted a video, which you can see below. After being a bit skeptical about the video, since it doesn’t show whether the iPhone is running iOS 6.1.3 or an earlier version, I’ve decided to test it on my iPhone 4 running iOS 6.1.3. We can confirm that the security flaw is indeed present, and that it allows the “intruder” to access your address book and browse the pictures on your device.

The hack involves Voice dial on iPhone 4, as it enables a call to be placed, even if the passcode lock is on. Here is how it works:

  • I used Voice control to dial a number (the video shows calling 123, but we think it is possible with any number, as long as the phone dials that number).
  • as soon as the dialing xxx message appeared, ejected the SIM card
  • the call ended, and I have seen the history of my recent calls
  • from that moment on, I could browse through the Contacts, edit them, and even add a new contact or picture, either by taking a new photo or by choosing one from the photo library as you can see from the image above.

Remember, this only works with your iPhone in the intruder’s hands, and the iPhone is locked back as soon as you insert the SIM card.

Update: Here is our own video successfully testing this passcode bug, using an iPhone 4 and iPhone 4S (Siri needs to be disabled to enable Voice Control). Check it out below:

Also, the exploit works on the iPhone 5 as well, shown by iPhoneblog.de:

Technology enthusiast, rocker, biker and writer of iPhoneinCanada.ca. Follow me on Twitter or contact me via email: istvan@iphoneincanada.ca

  • pppp

    OMFG WTF is WRONG with you in these days, Apple? Wifi problem has still not fixed and security flaw AGAIN???

  • Bailey

    Can’t reproduce this on my i5 (6.01)

  • FragilityG4

    I wouldn’t worry too much … Do you really think the common thief can figure that our on their own?

  • gjgustav

    It’s only on the 4.

  • gjgustav

    Dude chill out. Every phone and OS has flaws. Apple gets all the press, that’s all. Besides, the thief has to have your phone to do this. If you lose your phone to a thief, go to the nearest computer, log on to iCloud, and wipe your phone.

  • WhatThe

    Yes, if the intruder has access to Google or reads this blog.

  • pennig

    It stands to reason though that if an intruder is going to be in a scenario where they have access to your phone to perform this, they’re simply going to steal the device and leave, and don’t actually care about your contacts or the ability to look at your photos.

  • FragilityG4

    You give them too much credit.

  • http://www.iphoneincanada.ca Gary

    Update: added a video of successful tests using an iPhone 4, iPhone 4S

  • BC2009

    It looks you cannot be affected by this if you have activated Siri — only the legacy “Voice Control”

  • http://www.iphoneincanada.ca Gary

    actually, if you see our update it works on the 4S/5 too.

  • Bailey

    Must be on 6.1.3 only Gary, cuz I tried everything to get it working on my i5 and it won’t.

  • http://www.facebook.com/people/Randy-Hill/773158078 Randy Hill

    It’s so much worse than Google Play being filled with malware due to a non-existent review system, and Samsung apps being filled with easily exploitable security holes.

    Or by “so much worse” I mean “far more secure than Android”.