Locking an iPhone with a passcode is the most popular way to keep it safe from prying eyes. But researchers have discovered a new iPhone vulnerability that can bypass the lockscreen code on iPhones and iPads running iOS 8 and iOS 9. It is not yet clear whether other devices are affected.
LogBook : iPhone Vulnerability Can Bypass Your Lockscreen Code
The new iPhone vulnerability was discovered by Benjamin Kunz Mejri, a penetration tester and security analyst for Vulnerability Lab.
This iPhone vulnerability lets hackers access the data behind your lockscreen password.
The flaw does not seem to be that serious, because hackers would have to gain physical access to the iPhone or iPad and would have to be able to use an unlocked iOS device for a few minutes, which means the target would likely have to trust the hacker with the smartphone or tablet.
Physical access to the device is required, so the advice is to make sure you do not leave your iPhone or iPad unattended.
Vulnerability Laboratory has issued a security advisory that warns: “An application update loop that results in a pass code bypass vulnerability has been discovered in the official Apple iOS (iPhone 5 & 6 | iPad 2) v8.x, v9.0, v9.1 & v9.2. The security vulnerability allows local attackers to bypass pass code lock protection of the Apple iPhone via an application update loop issue. The issue affects the device security when processing to request a local update by an installed mobile iOS web-application”.
It has been assigned a Common Vulnerability Scoring System (CVSS) score of 6.0, as well as a ‘high’ severity rating.
As explained by security expert Graham Cluley, the exploit works by taking advantage of a brief period after rebooting during which passcode authentication is disabled.
Vulnerability Laboratory shares a list of steps (the text is reproduced verbatim, with the original typos and grammatical oddities) that allow interested parties to replicate the bug:
- First fill up about some % of the free memory in the iOS device with random data
- Now, you open the app-store choose to update all applications (update all push button)
- Switch fast via home button to the slide index and perform iOS update at the same time. Note: The interaction to switch needs to be performed very fast to successfully exploit. In the first load of the update you can still use the home button. Press it go back to index
- Now, press the home button again to review the open runnings slides
- Switch to the left menu after the last slide which is new and perform to open Siri in the same moment. Now the slide hangs and runs all time in a loop
- Turn of via power button on the ipad or iphone ….
- Reactivate via power button and like you can see the session still runs in the loop and can be requested without any pass code. Note: Normally the pass code becomes available after the power off button interaction to stand-by mode
- Successful reproduce of the local security vulnerability!
Benjamin Kunz Mejri also posted a proof-of-concept video of the attack taking place.
Kunz reported the threat to Apple back in late 2015, but the issue is still present, Security Affairs notes.