It’s only been a few weeks since the first lockscreen hack was discovered on iOS 6.1, but some researchers have already discovered a new way to bypass the iPhone’s lockscreen without entering the security PIN.
The bug was found in iOS 6.1 by Benjamin Kunx Mejri, and it follows some of the steps as the last exploit but has some variation in the steps, and it allows an attacker to access all your data by plugging your device into a computer’s USB port.
According to the report from Ars Technica, Mejri’s hack starts out similar to the previous attack, in that you place an Emergency Call and use the power and home buttons to access the iPhone’s contacts. However, Mejri’s exploit can make the iPhone screen go black, and then gives access to device’s data once its plugged into a USB port.
“The vulnerability is located in the main login module of the mobile iOS device (iPhone or iPad) when processing to use the screenshot function in combination with the emergency call and power (standby) button. The vulnerability allows the local attacker to bypass the code lock in iTunes and via USB when a black screen bug occurs.
The vulnerability can be exploited by local attackers with physical device access without privileged iOS account or required user interaction. Successful exploitation of the vulnerability results in unauthorized device access and information disclosure.”
Apple has said that they plan to fix the bug with the iOS 6.1.3 update, but has not given an actual release date for the fix. To see the latest exploit in action, check out the video below.
Source: Threat Post