There are numerous ways to keep your smartphone safe from prying eyes, and a lock screen protected with a passcode is a popular choice. But a newly discovered vulnerability in iOS 8 and iOS 9 means that iPhones and iPads could be accessed by attackers.
The vulnerability was discovered by security analyst Benjamin Kunz Mejri and has been assigned a Common Vulnerability Scoring System (CVSS) score of 6.0, as well as a 'high' severity rating. Apple has been aware of the issue since late last year, but has yet to issue a patch.
Vulnerability Laboratory has issued a security advisory that warns: "An application update loop that results in a pass code bypass vulnerability has been discovered in the official Apple iOS (iPhone 5 & 6 | iPad 2) v8.x, v9.0, v9.1 & v9.2. The security vulnerability allows local attackers to bypass pass code lock protection of the Apple iPhone via an application update loop issue. The issue affects the device security when processing to request a local update by an installed mobile iOS web-application".
As explained by security expert Graham Cluley, the exploit works by taking advantage of a brief period after rebooting during which passcode authentication is disabled. Vulnerability Laboratory details how to exploit the security hole (the text is reproduced verbatim, with the original typos and grammatical oddities):
- First fill up about some % of the free memory in the iOS device with random data
- Now, you open the app-store choose to update all applications (update all push button)
- Switch fast via home button to the slide index and perform iOS update at the same time. Note: The interaction to switch needs to be performed very fast to successfully exploit. In the first load of the update you can still use the home button. Press it go back to index
- Now, press the home button again to review the open runnings slides
- Switch to the left menu after the last slide which is new and perform to open Siri in the same moment. Now the slide hangs and runs all time in a loop
- Turn of via power button on the ipad or iphone ....
- Reactivate via power button and like you can see the session still runs in the loop and can be requested without any pass code. Note: Normally the pass code becomes available after the power off button interaction to stand-by mode
- Successful reproduce of the local security vulnerability!
Physical access to the device is required, so the advice is to make sure you do not leave your iPhone or iPad unattended.