A mobile passcode (auth) flaw was recently discovered in iOS 6.1 that allows people to access the contacts list, photos, et cetera on a passcode-protected iPhone. The lock screen bug was not addressed in the iOS 6.1.1 and iOS 6.1.2 updates. It was not until iOS 6.1.3 beta 2, which Apple rolled out to developers, that a fix for the initial passcode exploit was included.
A similar bug has been discovered in iOS 6.1 that apparently gives access to more user data when the iPhone is plugged into a computer.
As the video shows, the passcode lock protection can be bypassed by dialing and then cancelling an emergency call (911 for example) while toggling the power button. The method has been posted on the Full Disclosure mailing list. Kaspersky’s Threatpost reports:
Similar to the iPhone’s passcode vulnerability, the exploit involves manipulating the phone’s screenshot function, its emergency call function and its power button. Users can make an emergency call (911 for example) on the phone and then cancel it while toggling the power on and off to get temporary access to the phone. A video posted by the group shows a user flipping through the phone’s voicemail list and contacts list while holding down the power button. From there an attacker could get the phone’s screen to turn black before it can be connected to a computer via a USB cord. The device’s photos, contacts and more “will be available directly from the device hard drive without the pin to access,” according to the advisory.
Check out the video demoing the iOS 6.1 passcode lock bug in action: