Passcode hack lets thieves unlock Apple iPhones
Published 15/02/2013 | 10:40
THE iPhone lock screen can now easily be bypassed thanks to a security flaw that renders the device accessible to hackers.
Millions of iPhone users have added a four-digit security pin code to prevent unauthorised users from accessing their phone, but a new loophole in the latest software now means that anyone can bypass it.
With a dozen simple steps, the iPhone’s email, contacts, text messages, voice mail and even video calling can be accessed in version 6.1 of Apple’s iOS software.
Techcrunch, a gadget blog, called the exploit “a massive backdoor to some of the iPhone’s core functions”.
Posted on YouTube by a blogger identifying themselves only as VideosdeBarraquito, the Apple hack has been viewed by nearly 4,000 people, and replicates a similar flaw with earlier software, iOS 4.1.
The process can be triggered by aborting an emergency call and then executing a dozen simple button presses to fool the device into keeping the iPhone open.
The flaw means that the iPhone opens the phone app, giving access to the main systems including call logs and messages. It relies on precise timing, but can easily be replicated by any user.
The problem is not the first faced by Apple, which previously enjoyed a reputation for being immune to security problems that plagued PCs.
In 2009 Apple patched a problem that meant a series of text messages could trigger a remote takeover of a user’s iPhone.
Charlie Miller, a security adviser with Independent Security Evaluators, warned that these messages could in fact contain code for an executable file that would then embed itself in the iPhone's memory, and allow a hacker to access and control the device remotely.
In 2011, Germany’s IT security agency warned that Apple’s iOS - the operating system that runs the iPhone, iPad and iPod touch - had a ‘critical weakness’ that would allow hackers to run malicious code.
The German Federal Office for Information Security (BSI) said that opening an infected PDF on an iOS device could allow malicious programs to run on the device. Apple subsequently patched the flaw with a software patch.
Although Apple have not responded to requests for comment, sources said the latest flaw is likely to be fixed quickly. SImilar situations involving Samsung were fixed in a matter of days.
- Matt Warman, Telegraph.co.uk