Just two days after Apple unveiled a lock screen fix that made it possible for unauthorized users to get around the four-digit PIN code on iPhones and iPads, the latest password bypass vulnerability appears to have been found.
YouTube user videosdebarraquito managed to bypass the lock screen on an iPhone 4 working with nothing else than a paperclip. By locking the phone and enabling the Voice Control function, it’s possible to circumvent the lock screen by ejecting the SIM card out of its holder within the time the device begins dialing.
After this, the phone app stays open, enabling entry to recent call logs, voicemail, and contacts. But additionally after this, video and photos may also be accessed by creating a new contact. As soon as new contact is made, it gives access to the photos app.
Once the display turns off, the device locks all over again, however this can be bypassed using the SIM card holder removal trick.
At TechZec we managed to recreate bug on an iPhone 4. Additionally it seems this is affecting iPhone 4S and iPhone 5 users (German) with Siri disabled.
After a close exam of the display recording we took, it seems like that after Voice Control is put to use, it loads up the device app from the background, that as it starts to call straight away it places this in ‘background’ mode. Once the call commences, for a split second the phone app shows as it transitions away, just to get replaced by the lock screen when the call is finished.
The removal of the SIM card appears to ‘confuse’ the phone, causing a pop-up display warning that the SIM card is removed. This process stalls the changeover and maintains it in active play.
At the moment, deactivating the function on devices running iOS 6.1.3 seems to resolve this bug.
Inside Settings, tap General, after that Passcode Lock. From here, deactivate Voice Dial on old versions of iPhones, or enable Siri if you own an apple iPhone 4S or older.