A bug has been discovered on the iPhone running iOS 6.0.1 and iOS 6.1 which allows users to bypass the lock screen passcode and gain access to a users Contacts and the users Camera roll. The trick only works on iPhones because it uses the Emergency Call button.
Here’s how it works, though we caution against trying this since it does involve a brief dialing of an emergency number. Please follow the directions and immediately cancel those calls. A safer way to test this is to remove the SIM card from the iPhone, preventing any communication with the outside world.
- Tap the “Emergency Call” button, then attempt to turn off the iPhone and tap Cancel
- Attempt to dial an emergency number like 112 and immediately cancel that phone call and go back to the lock screen
- Attempt to unlock the iPhone again, and start holding the power button for 3 seconds, then tap the “Emergency” button again right before the ‘Slide to Power Off’ option appears
- Continue holding Power to keep access to the device
If done properly, the lock screen then seemingly forcibly quits (or crashes) and you are now sitting in the users Phone and Contacts app, with full access to the address book, call log, and even Photos and Camera Roll by way of editing contact information.
If you are concerned about the security implications of this, turning off simple numerical passcodes and using a complex password of multiple character variations is sufficient to prevent the bug from working at all.
The lock screen bypass was originally found in early February by the YouTube video embedded below, which Gizmodo discovered and brought to wider attention:
The Verge offers their own recent video demonstrating the effect:
A very similiar lock screen bypass bug existed a while back in iOS 4.1 for iPhone, it too relied on the Emergency Call button and was patched quickly by Apple in a point release.
This is the third prominent bug to impact iOS 6.1. One effected 3G reception for some iPhone 4S users and was patched by the iOS 6.1.1 update, and another impacts Microsoft Exchange users which causes battery drain and communication issues due to excessive pinging of the remote Exchange servers Calendar function.
Apple will likely release a minor iOS patch update to resolve this problem rather quickly.