Apple’s promising to fix a flaw, revealed in a YouTube video, that allows anyone with physical access to a device running iOS 6.1 to bypass the lock screen, which requires a four-digit PIN, and gain partial control.
The hack is presented as a bit of a joke: “For prank [sic] your friends… For a magic show…Use it as you want, at your own risk, but… please… do not use this trick to do evil !!!”
It certainly involves some unusual actions and some very precise timing, from almost turning the phone off twice to making an emergency call – which is cut off before it goes through. This isn’t all that easy: while many people are able to replicate the procedure, others say they can’t.
The result isn’t full access to the phone, just to its contact list, recent calls, voicemails and photos.
“It’s not really a trick. It’s a crime, even without the bogus emergency call,” says Paul Ducklin of Sophos. “Not, perhaps, a terribly serious crime. But mucking around with other people’s computers is behaviour we ought to stamp out of our lives.”
Apple’s acknowledged the flaw, and says it’s working on a fix. Last time it dealt with a similar bug, though, in iOS 4.1, it took a month to get around to it.
The company’s already had to acknowledge two other flaws in iOS 6. At least two European carriers warned users off the upgrade, saying it caused connection problems. At the same time, many IT departments found that a bug in the way calendar invites are handled was causing sharp spikes in server logging.