Card Trick Bypasses iPhone Screen Lock
A video has surfaced on YouTube claiming to demonstrate a "major flaw" in Apple iPhone security, but even the person in the video has trouble demonstrating the error.
"This security flaw gives you access to all contacts and recent calls, even if you have a passcode on your device," says the unseen English-speaking narrator, who identifies himself as Tariq Mansour from the Egyptian Apple-related website iPhoneIslam.com.
Mansour takes a regular screen-locked iPhone 4 running on the Etisalat network, places a call to it from another phone, but then quickly disconnects before the target iPhone has a chance to answer. That generates a "Missed Call" notification on the target phone.
"Now we will try to reply on this phone while the GSM network is searching," Mansour says.
Using the special tool that comes with a new iPhone, Mansour pops out the phone's SIM card, or Subscriber Identity Module, and pops it back in several times. At the same time, he tries to automatically dial back the missed caller by swiping the "Missed Call" notification.
The aim is to confuse the phone's software by having it do three things at once — return the missed call, find a viable cellular network and protect itself with a screen lock.
It's not as easy as it sounds. Mansour repeats the procedure more than half a dozen times, varying the sequence of steps with each attempt.
"It will be easier if you find a place without network coverage," notes a banner placed across the screen.
Finally, Mansour is able to access the Phone app without having unlocked the iPhone.
"As you see," he narrates while switching between screens, "this is the full contacts, and this is the favorites."
"I also can make [a] phone call," he says before doing just that.
However, it doesn't appear that the workaround gives you access to anything beyond the Phone app. Mansour doesn't go to the home screen, or even open another app from the Phone contacts list.
In that respect, it's similar to two other recent Apple device flaws, both since patched. One used an iPad 2's SmartCover to give someone access to the last used app without unlocking the iPad. The other used Siri, the iPhone 4S' voice-command app, to make calls, write emails and send text messages from a locked phone.
A banner on the YouTube video claims that the new trick works on the iPhone 3G, 4 and 4S. But it probably won't work on CDMA-based iPhones, such as those running on the Verizon Wireless and Sprint Nextel networks in the U.S. Those phones don't need SIM cards to operate.
SecurityNewsDaily was not able to duplicate the workaround.




