Want to break into someone’s new iPhone? It’s easy! First you click the emergency call button, hold down the power button, click cancel, tap the numbers 112, begin the call, and then quickly end the call. Got it? Part two: return to the passcode screen and start holding the power button. In the fraction of a second before the ‘slide to power off’ option appears, tap the emergency call button again.
Presto! You’re in. Try it a few dozen times and you’ll definitely get it. Maybe.
This iOS 6.1 exploit, which is currently enjoying its 15 minutes on the Web, is obviously a large and puzzling security flaw in Apple’s iOS Passcode Lock system. But there are a couple of reasons why iPhone owners who keep their software up-to-date shouldn’t worry too much.
First off, this trick is incredibly hard to pull off. I tried for roughly an hour to break into my own iPhone, but I just couldn’t make it happen — those button presses have to be expertly timed. Unless a would-be iPhone hacker has some serious gaming skills, it likely won’t be easy for them to nail this on the first, or even fifth, try.
Check out the YouTube video below to see how it works. If you can master the bypass, you would theoretically be all set to steal someone’s phone and perform meaningless actions.
That leads to the second point, which is that if you do happen to get through the Passcode Lock, all you can do is play around in the phone app itself. That is fortunately far less risky in a personal-information sense than, say, access to other apps such as Notes (which might contain more sensitive info) or Facebook (which could lead to cruel hacking such as like self-deprecating status updates or a rude private message or two). When you really think about it, only so much harm can come from accessing someone’s contacts and making some calls.
Now, if a theoretical hacker does access your contacts, he or she could also get into your photo albums by way of trying to set a new contact photo. But that doesn’t pose much more of a risk than accessing the phone app does. (Unless you happen to keep particularly incriminating pictures on your photo roll. But that one’s on you.)
The lesson here is simple. While of course Apple should fix this bug, there’s no reason to abandon the iPhone over the purported permeability of the Passcode Lock. A smarter move would be to ensure that you have full access to the My Find iPhone service, which would let you locate the device, and wipe it if you so choose, in the 45 minutes it’ll take the thief to break in. If he ever does, that is.
Image via Apple