A second iOS 6.1 lock screen bypass vulnerability for the iPhone has surfaced, this time claiming to give unauthorized users access to the files on your smartphone. Unlike the earlier lock screen exploit, this one also has users connecting their iPhone to a computer via USB to gain access to user data, but not everything about this hack adds up.
The new exploit has the potential to give attackers access to your iPhone's content, assuming they have your device in hand, according to Christopher Brook from the security software company Kapersky. He said,
The first half of the exploit borrows heavily from last week's vulnerability – and the Lab notes this in the caption of the video that documents its proof of concept ("already release by other researcher"). It's the second bypass – which can be achieved by holding down the power button, the screenshot button and the emergency button – that's interesting; as it makes the phone's screen, minus the top bar, go black. From there it can be plugged into a computer and the information can be harvested via iTunes from the phone's hard drive with read/write access.
In theory, someone could take your passcode locked iPhone, perform a series of tabs and button pushes, connect the device to a computer, and then access all of your personal data.
The problem with this hack is that the data on a passcode-locked iPhone is encrypted, and unless the built-in security features in iOS allow for the hack to unlock the encrypted data, it shouldn't be accessible. iMore's Nick Arnott summed it up nicely when he stated, "It's not that it would be completely impossible for there to be a bug in iOS where Apple blundered their security so badly that it completely bypassed a user's passcode and any encryption, it just doesn't seem likely."
Connecting a passcode protected iPhone to a computer via USB causes iTunes to show a dialog asking you to unlock the device so that it can access its contents, and once that's done, iTunes should always be able to read the device's contents without unlocking again.
What seems more likely with this new exploit is that it exposes the Phone app and Contacts -- necessary for incoming calls to match to your address book entries -- just as the earlier exploit does. Seeing the rest of the phone's data was probably possible simply by connecting to a computer that had previously been granted access to the device.
While any security weakness that gives someone access to your contacts and the Phone app without permission is a serious issue, it doesn't look like this new exploit poses much more of a threat than the earlier threat.
Apple has promised that an iOS 6.1 update will patch the lock screen access flaw, although there isn't any word yet on exactly when it will be available. We're hoping Apple gets the update out in the next few days instead of weeks.