New iOS 6.x Lock Screen Exploit Makes All The Stored Data Freely Available Via USB Connection [VIDEO]
If your device is on iOS iOS 6.1, you are likely aware of several issues that have plagued the operating system upon launch, including a serious security exploit that made data within an iPhone accessible to any unintended user. Another vulnerability has now been discovered which allows any user to access the internal data of the iPhone device running iOS 6.1 or 6.1.2 by simply plugging it into a computer via USB. Worse even, it is not too difficult to perform.
The passcode lock feature, which has been built into iOS since its original launch, doesn’t only prevent unauthorized users from accessing sensitive data stored on the device, it also keeps it from prying eyes in case the device is connected to an unidentified computer via USB.
This exploit is way trickier than the previous iOS 6.1 lock screen exploit, however it is still quite doable. Try it for yourself by following the steps below:
Step 1: Push the power button on the top-right.
Step 2: On the lock screen, tap on the Emergency Call option.
Step 3: Dial any emergency number (112, 911 or 110) and quickly hang up after your phone starts dialing.
Step 4: Push the power button again, quickly followed by the home button.
Step 5: This is where it gets slightly tricky – press and hold the power button for 3 seconds, after 2 seconds also press the Home button and the Emergency Call button on the lock screen. Leave them pressed.
Step 6: After one second, first release the home button and the Emergency Call button, followed by the power button.
Step 7: If it all goes well, your phone’s display will be black, except for the status bar at the very top.
Now, once you plug your phone into any computer, regardless of whether it has been authorized before, many of the files stored on the device will be fully accessible to any user. Or, as laid out by the original report on this vulnerability:
“The vulnerability can be exploited by local attackers with physical device access without privileged iOS account or required user interaction. Successful exploitation of the vulnerability results in unauthorized device access and information disclosure.”
While Apple was expected to fix this problem with iOS 6.1.2, it now seems that the patch has been postponed for the 6.1.3 release, currently being worked on.