iOS 6.1 had not one, but two security exploits that allowed an attacker to bypass an iPhone’s lockscreen to gain access to a users’ data. Apple finally patched up those two holes yesterday with the iOS 6.1.3 update, yet the new version of iOS contains another passcode security flaw.
Using the iPhone’s Control feature, attackers can still bypass your lockscreen. The good news is that the new lockscreen exploit only works on iPhone 4 units right now.
A Cult of Mac reader notified us of the security hole that was originally discovered by YouTube user videosdebarraquito, and it allows an intruder to access your address book and pictures without punching in your passcode.
To run the hack, first use Voice control to dial a number. As soon as the iPhone begins to dialing, eject the SIM card, and the iPhone will show its recent call log. From that screen you can browse and edit contacts and add new pictures.
Here’s a video walkthrough of the exploit in action:Related