With just a few quick steps, it’s easy to open the phone app on any locked iPhone running iOS 6.1. From there a person has full access to the photo library, can edit contacts, send emails, text messages or even make a FaceTime call. It’s so easy that it’s downright silly.
As shown in the video here, the process involves holding down the power button and aborting an emergency call. It worked for me although the timing is tricky.
The flaw causes the phone to load the phone app, giving anyone full access to the dialer, contact list, voicemails, call history and photos by editing a contact. An email or text message can be sent by sharing a contact. FaceTime is accessible through the contacts as well.
Update: Apple has reached out to TechCrunch with the following comment:
Apple takes user security very seriously. We are aware of this issue, and will deliver a fix in a future software update.
The exploit is fairly easy to access but the timing is tricky.
The last bit is the hard part. The timing needs to be just right. It took me about 20 minutes to get the timing down.
While new to iOS 6.1, this isn’t the first time a simple workaround has resulted in similar access. A comparable exploit was found in iOS 4.1.
Apple will likely address this exploit rather quickly. It’s a massive backdoor to some of the iPhone’s core functions.