iOS 6.1.3 Contains Yet Another Lock Screen Bypass Flaw

Zack Whittaker, ZDNet:

Only two days after Apple released a lock screen fix that allowed unauthorized users to bypass the four-digit PIN code on iPhones and iPads, a new password bypass vulnerability has been discovered.

YouTube user videosdebarraquito was able to bypass the lock screen on an iPhone 4 using nothing more than a paperclip. By locking the device and enabling the Voice Control feature, it is possible to circumvent the lock screen by ejecting the SIM card from its tray at the moment the device starts dialing.

“Why are there so many of these flaws?” you ask.

Well, dear reader, the lock screen of an iOS device isn’t really that; it’s more like a pocket dialling mitigation screen. Remember that you can use Siri, Passbook, the camera, and music controls without having to type in the passcode. It’s been given so much access to the core iOS system that it becomes difficult to contain what is allowed, and to deny what is not allowed.

It’s amazing that these flaws get found, though, given how creative and tricky most of them are (take a look at the related videos on YouTube).