iOS 6.1 Passcode bug

Yesterday, Jailbreak Nation highlighted a bug with iOS 6.1 that allows users to bypass a passcode lock on an iPhone to access the phone function and contacts on the device. While the bug allows only limited access to the device and can require several attempts to achieve the correct timing to exploit, it is gaining significant attention today.

Having this kind of bug in the OS is certainly not good and Apple needs to fix it ASAP. I still don’t understand how do people figure this stuff out?



  • http://twitter.com/djbressler David Bressler

    Exactly my question.

  • Luke

    What, no snarky remarks about Android’s openness, and how Android users should all switch to the iPhone and be secure from security issues?

    • http://www.tumblr.com/blog/his-divine-shadow His Shadow

      It hardly needs to be said, does it? It’s kind of pointless to talk about the lack of security regarding Android when it’s a given.

      • http://twitter.com/DumaStudetto Duma Studetto

        It’s a given with iOS too as has been proven time and time again. And OS X. There’s usually a long list of security fixes included with every update.

        I’m also curious how these relatively complicated sequence of events flaws keep showing up in iOS that bypass password locks. Law enforcement probably could find some value in them.

        • http://www.tumblr.com/blog/his-divine-shadow His Shadow

          The point is no one talks about Android security because Android has no security. The only reason an exploit makes the news regarding Apple is because Apple is actually working on making their OSes secure.

          And we won’t bother to go into the fact that security bug counts are a meaningless metric.

          • http://twitter.com/DumaStudetto Duma Studetto

            “The point is no one talks about Android security because Android has no security.”

            Yeah that must be the reason. A fine point too, game, set and match to you. :)

    • http://www.facebook.com/drew.pitchford1 Drew Pitchford

      No, because this “hack” is unbelievably complicated and the average person wouldn’t be able to use it to break in. On Android, however, just follow the finger prints.

      • http://www.johncblandii.com John C. Bland II

        Yeah, right. That’s a gross oversimplification. Many of the issues people point out on Android, normal users would never run across: side loading malware, turning on debugging/tweak certain settings then plugging into a computer to run an app that messes w/ your computer, etc.

      • http://twitter.com/DumaStudetto Duma Studetto

        FYI it’s not the average idiot who still laughs at Jim’s “open, winning!” talking points memos you need to be concerned about. :)

  • http://www.tumblr.com/blog/his-divine-shadow His Shadow

    This is an old bug. Just a different access methodology.

  • BC2009

    This seems more like a purposely coded backdoor by a disgruntled developer than a bug.

    What’s next? Up-Down-Left-Right-A-B-B-A-Start?

    • http://twitter.com/DumaStudetto Duma Studetto

      Yeah a purposely crafted backdoor is what I’m starting to seriously consider now this has happened a second time. Whether it’s a disgruntled developer or not I don’t know. And we have no clues since we can’t look at the code and establish how easy it should have been to spot in peer review.

      • Steven Fisher

        No, I doubt it. If the lock screen is not the root UI process — which it clearly isn’t — causing a crash will cause this to happen. It becomes a matter of finding a way to crash it or something it launches. Crashes are usually not hard to find.

        • tyr

          Interestingly, a bug I had in 6.0 did just that: unlocking the screen sometimes left me with an unresponsive phone displaying the same screen while background processes still worked, incoming calls, camera, etc. Fixing that bug may be what caused this regression.

  • http://www.johncblandii.com John C. Bland II

    They need to separate Passcode from the OS. That way it is a simple app update and not an OS one.

    • Techpm

      The existing delta updates accomplish the same thing (just updates what changed) and guarantees that the individual components version’s are known for any given OS version

  • http://www.tumblr.com/blog/his-divine-shadow His Shadow

    “While the bug allows only limited access to the device…”

    …we must do everything to in our power to turn this into a debacle.

    The Spice Traffic Must Flow…