February 25, 2013

iOS Lockscreen Bypass Bug Found, Again

A security flaw in iOS devices has been discovered that allows anyone to bypass the lock screen and perform a handful of functions. The discoverer of the flaw, YouTube user videosdebarraquito, explains the process in detail in a video. By making and quickly aborting an emergency call, the lockscreen can be partially bypassed to access the phone app, view/modify contacts, check voicemail, and view photos.

The most remarkable aspect of this finding is not the bug itself but that this is the third time Apple has shipped an iOS revision containing a lockscreen bypass bug. The issue first appeared when iOS was still dubbed ‘iPhoneOS’, specifically iPhoneOS version 2.0. The bug was subsequently fixed in iPhoneOS 2.1, but made a re-appearance in iOS 4.0. Again the bug was squashed, this time with iOS 4.1, only to reappear in its latest form in iOS 6.1. iOS 6.1.2 has since been released, but does NOT fix the lockscreen bug. Developers are reporting, however, that 6.3 beta 2 has finally fixed the issue.

Although these lockscreen bugs are a concern for those worried about strangers or more irksome ‘friends’ viewing/modifying private data, even a fully functioning lockscreen may provide less security than many expect. Although the iPhone protects locked data with AES-256, that protection is only as strong as its weakest link, which is often a four-digit pass code. This four-digit pass code is protected from brute-forcing attempts by the OS, but that protection can be bypassed on any iOS version susceptible to jailbreaking, which is currently all versions of iOS. A group of security researchers demonstrated this weakness and were able to fully bypass the lockscreen in under six minutes. Ensure that a long password is selected for the lockscreen and expect that those with physical access to the device may be able to gain access to protected information on it.