[youtube http://www.youtube.com/watch?v=oKOj0GMf810]
Yet another iOS 6.1.x Lock Screen passcode bug has been discovered. This new vulnerability includes similar steps to the previously revealed passcode bug. That other bug will be plugged in the upcoming release of iOS 6.1.3.
Steps to reproduce:
- Connect your device with itunes and the appstore to make sure the code lock is activated
- Push the power button (top|right)
- The mobile will be activated and the iOS code lock will be visible
- Now, you click on the emergency call
- Try to dail any random emergency call number from a public listing (we used 911, 110 and 112)
- Call the number and cancel the call directly after the dail without a direct connection to the number
- Push again the power button and push after it the iphone button (square) in the middle
- In the next step you push the power button 3 secounds and in the third secound you push also with one finger the square and with another the emergency call button
- After pushing all 3 buttons you turn your finger of the square (middle) button and after it of the power button
- The display of the iOS will be black (blackscreen)
- Take our your usb plug and connect it with the iOS device in black screen mode
- All files like photos, contacts and co. will be available directly from the device harddrive without the pin to access. Successful reproduced!
The seemingly most delicate aspect of this bug is that it allows a hacker direct access (via USB) to your iOS’s device’s stored content without a pin.