With just a few quick steps, it's easy to open the phone app on any locked iPhone running iOS 6.1. From there a person has full access to the photo library, can edit contacts, send emails, text messages or even make a FaceTime call. It's so easy that it's downright silly.
As shown in the video here, the process involves holding down the power button and aborting an emergency call. It worked for me although the timing is tricky.
The flaw causes the phone to load the phone app, giving anyone full access to the dialer, contact list, voicemails, call history and photos by editing a contact. An email or text message can be sent by sharing a contact. FaceTime is accessible through the contacts as well.
Update: Apple has reached out to TechCrunch with the following comment:
Apple takes user security very seriously. We are aware of this issue, and will deliver a fix in a future software update.
The exploit is fairly easy to access but the timing is tricky.
- From a locked iPhone running iOS 6, load the emergency dial screen.
- Press and hold the power button and then hit cancel.
- Make a fake emergency call - I dialed 112 like in the video.
- Hang up immediately.
- Hit the power button to put the phone back in standby.
- Hit the home button to bring up the lockscreen
- Hold down the power button and at the three-second mark, hit the Emergency Call button.
- Keep holding the power button until the Phone App comes up.
- Hit the Home Button and release as if you're taking a screen shot.
The last bit is the hard part. The timing needs to be just right. It took me about 20 minutes to get the timing down.
While new to iOS 6.1, this isn't the first time a simple workaround has resulted in similar access. A comparable exploit was found in iOS 4.1.
Apple will likely address this exploit rather quickly. It's a massive backdoor to some of the iPhone's core functions.