Hand over the USB cable —

Researchers find yet another way to get around iOS 6.1 passcode

It turns out there are two versions of this vulnerability in iOS 6.1.

There's a second passcode lock vulnerability in iOS 6.1, according to Vulnerability Lab CEO Benjamin Kunz Mejri (hat tip to Kaspersky Lab's threatpost). Mejri had recently outlined the vulnerability in an e-mail to the Full Disclosure list, highlighting yet another way for attackers to get past the lock screen and access a user's contacts, voicemails, and more.

Yet another iOS 6.1 passcode bug.

As detailed by Mejri, this new bug appears to be slightly different from the one highlighted earlier this month. The two start out in a similar way—by following a set of steps that utilizes the Emergency Call function in addition to the lock/sleep button and the screenshot feature. When making an emergency call, an attacker could cancel the call while holding the lock/sleep button in order to access data on the phone.

What sets this exploit apart from the first is that it can make the iPhone screen go black, allowing an attacker to plug the device into a computer via USB and access the user's data without knowing the PIN or passcode.

"The vulnerability is located in the main login module of the mobile iOS device (iPhone or iPad) when processing to use the screenshot function in combination with the emergency call and power (standby) button. The vulnerability allows the local attacker to bypass the code lock in iTunes and via USB when a black screen bug occurs," Mejri wrote. "The vulnerability can be exploited by local attackers with physical device access without privileged iOS account or required user interaction. Successful exploitation of the vulnerability results in unauthorized device access and information disclosure."

As we wrote on Feb. 14, a version of the passcode bypass bug first appeared in iOS 2.0, then again in iOS 4.1 with a slightly more complex series of steps. The most recent version of the bug appeared in iOS 6.1, but now it turns out there are two versions of this vulnerability in 6.1. In its beta release of iOS 6.1.3 to developers last week, Apple said it would fix the bug once again—we can only assume Apple plans to patch both versions of this bug since they appear to start out the same way. It's not yet known when iOS 6.1.3 will be released to the public, but we're willing to guess we'll see it in the next couple weeks.
