clock menu more-arrow no yes mobile

Filed under:

New iPhone lock screen exploit discovered in iOS 6.1.3, exposes contacts and photos

New, 87 comments
iPhone lock screen exploit
iPhone lock screen exploit

It's starting to seem like clockwork at this point: when Apple patches up one vulnerability affecting its iOS lock screen, someone manages to find another security hole. 24 hours after the release of iOS 6.1.3 — which addressed one lock screen bug — the iPhone's primary data safeguard has been foiled once more. Like previous methods, the new workaround grants access to your photos, contacts, and phone dialer. Unlike exploits that have come before though, this one involves more than just software.

To reproduce the process seen below, you'll need to physically eject the phone's SIM tray midway through a Voice Control-initiated phone call. Since Voice Control is central to the hack, only owners of an iPhone 4 or iPhone 4S with Siri disabled are at risk. Not to mention that a SIM eject tool (or paper clip) is necessary to pull this off in the first place. Still, it's a security gap that needs to be addressed by the folks in Cupertino. We've been able to confirm the vulnerability here at The Verge, and have reached out to Apple for comment on the matter.