The Big Break-in: Apple’s iOS 6.1 reveals a gaping flaw

We’d like to think that an Apple product could keep data secure. They have all sorts of security measures in place, after all. There’s the Find My iPhone app that allows you to track down an iPhone if it gets lost. There’s a lockscreen that can be customized with a complex or non-complex passcode in order to keep it from simply getting searched by prying eyes. Then there’s also the fail-safe feature that can be enabled that nukes the entire iPhone’s memory after a set number of failed tries to enter the passcode.. It’s practically Mission: Impossible-level stuff. Add that with the fact that Mac products aren’t traditionally so susceptible to viruses, and it seems like things are secure…

until everyone found out that there was a trick to persuade a little locked iPhone to give up, oh just your contact list, photographs, email, messages and FaceTime data. If you just happen to be using an iPhone, especially if you’re using it as your business phone, and you have more than a little sensitive information stored in it, you might want to take a look at this:

The Pledge, the Turn, and the Prestige

It’s like a magic trick, as presented in a YouTube video that tells virtually everyone in the world how it can be done to every iPhone that is currently running iOS 6.1 (unfortunate, since that incarnation of the OS recently seemed to almost be the fastest downloaded version of the iOS yet).

The idea, apparently, is to trick the iPhone by making an emergency call and then canceling it, so that it just bypasses the lock screen. According to the step-by-step in TechCrunch’s article:

• "From a locked iPhone running iOS 6, load the emergency dial screen.
• Press and hold the power button and then hit cancel.
• Make a fake emergency call I dialed 112 like in the video.
• Hang up immediately.
• Hit the power button to put the phone back in standby.
• Hit the home button to bring up the lockscreen
• Hold down the power button and at the three-second mark, hit the Emergency Call button.
• Keep holding the power button until the Phone App comes up.
• Hit the Home Button and release as if you’re taking a screen shot."

And voila: you have access to the Phone App. And this in turn has access to the user’s contacts, the Photo Stream, FaceTime, your messages, and your emails. It’s more than a little alarming, especially if you have a great deal of personal or business phone-related data in any of those places that other people might want to exploit.

Apple’s Response

After the rousing public outcry at this gaping security flaw in Apple’s latest iOS (it had spread like wildfire all over tech sites) Apple responded that they are aware of the issue and are working as quickly as they could to deliver a fix in a future software update. Users will do well to update as soon as they get it, to safeguard their data.

As if to add gasoline to the flame, a group of hackers that had previously attacked Facebook has now turned its attention to Apple at the time of this writing, attacking a slew of employee Macs. No data was apparently taken.