The manager in charge of security for the lock screen feature of iOS would have had a rough day at the office. Just 24 hours after launching an update to patch a flaw which allowed access to an iPhone through a bug in the lock screen, another bypass has already been discovered. Wednesday saw the release of a YouTube video showing how a locked iPhone could be accessed by triggering the voice calling function and ejecting the SIM card through a paper clip. This trick allows access to a user’s contacts and photos. The other functions of the phone are still off limits and this works for an iPhone with a removable SIM card coupled with vulnerable voice dialing capabilities. Although the video is shown using the iPhone 4, reports claim that the vulnerability can be reproduced on the iPhone 4S as well. This is the third time that this problem has popped up on the iPhone.
The first was a more serious bug that surfaced in October 2010, while the second was a repeat of the same problem last month. On Tuesday, iOS version 6.1.3 was released addressing the issue, but as it turns out the patch didn’t address the vulnerability exploited by Barraquito (the user who posted the video on YouTube), who claimed that he had tested the trick on an iPhone with iOS 6.1.3 installed. Apple isn’t the only company struggling with lock screen issues as Android devices manufactured by Samsung have displayed similar problems as well. Apple has advised all users to refrain from using voice dial until a new patch is released addressing the flaw.
This has raised several concerns among the iPhone faithful who continue to be careful in handling their phones. The latest backdoor bypass saga has led to employees at Apple throwing in extra hours to ensure that the problem is addressed as quickly as possible. Something as simple as accessing the emergency call and typing a number of keys to access sensitive user data is clearly questioning Apple’s credibility in delivering secure phones.
Although Apple claims that these exploits work only on jailbroken phones, users who haven’t jailbroken have also reported similar issues. Patrik Runald, a Websense security researcher even confirmed the same through his Twitter feed. Apple seems rather surprised that this bug has surfaced again after it has been fixed not once but twice. However, even a company like Apple must realise it doesn’t take much time for one among a million monkeys sitting in front of a typewriter to reproduce the works of Shakesphere.
