New Passcode Bypass Demonstrated in iOS 6.1.3

| News

A new passcode bypass has been demonstrated in iOS 6.1.3, an update released to patch a previous passcode bypass hack discovered in February. A video posted to YouTube demonstrates a series of steps that gives a user access to your iPhone's phone, contacts, and photos even when the device is locked with a passcode.

The flaw was published by YouTube user "videosdebarraquito," the same user who discovered and demonstrated the previous exploit. Apple patched that flaw on Tuesday, but by Wednesday, videosdebarraquito had posted the new flaw.

By initiating a call via voice dialing and popping out the SIM card on the iPhone before the call actually takes place, the device pops up a warning about the SIM card and then shows the dialer screen.

From there, users can access the iPhone's contacts, including the ability to add a contact or edit existing contacts. Through the contact editing or creation process, it's also possible to view the iPhone's photo library.

Here's the video:

According to videosdebarraquito, you can protect yourself against this particular exploit by turning off the Voice dialing feature found under the Passcode section of your iPhone's General preferences, as shown in the screenshot below.

Passcode Preferences

Voice Dial Preferences

Note that "Voice Dialing" is only available when Siri is turned off.

[Via CNet]

The Mac Observer Spin The Mac Observer Spin is how we show you what our authors think about a news story at quick glance. Read More →

This is an interesting security area, and we hope that Apple is able to get ahead of exploits like these. There are worse things than having some schmuck gain access to your phone and contacts, but it's also possible that some people could find their devices (and accounts) used for expensive overseas calls or even to simply call $10 per hour 1.900 numbers. 

The last exploit took a month for Apple to fix, and we hope this one is a quicker.

Popular TMO Stories



Maybe I just didn’t see it, but after multiple viewings, I still didn’t see where he showed that he was using 6.1.3.


I wonder how the heck people find these. I mean starting to make a call via voice dialing and then ejecting the SIm isn’t the sort of thing you’d likely stumble onto. And the one before this was a ridiculous series of steps. I just find it amazing that people figure this out.

Lee Dronick

Meanwhile in Cupertino a teenage geek did this

Log in to comment (TMO, Twitter or Facebook) or Register for a TMO account