
Posts tagged ‘iphone 4’

26
Oct

Making Calls Using Keylock Bypass Bug on iOS 4.1

A keylock bypass bug has been found in iOS 4.1 which allows unauthorised users to circumvent the passcode screen to make calls. It’s a pretty simple trick which involves entering a number (e.g. 1) on the ‘Emergency Call’ screen, pressing Call and then immediately pressing the lock button. This brings up the Phone app where the user can pick a name from the contact list, or enter a phone number of their choice. To return the phone to normal (without rebooting it), just hold down the Home button until the Voice screen comes up, press Cancel, and then the lock button.

You are able to add/delete contacts, and open the Mail app by sharing a contact where you can then create and send emails.

Here’s a demo:

I’m running 3.1.3 on an iPhone 2G, and for some reason I can make arbitrary calls directly from the Emergency Call screen without any fancy tricks. Go figure.

These kinds of vulnerabilities are not unique to iPhones, however; similar bypass bugs have been found in some Android-based phones.

[Update] Thanks Andy for clarifying what an attacker can do using this technique.

[Update 2] This bug has been fixed in the iOS 4.2 update.

4
Aug

ultrasn0w Carrier Unlock for iPhone 4

Riding the wave of JailbreakMe in the past couple days, the ultrasn0w project has been updated to enable a full carrier unlock for iPhone 4 running baseband version 01.59. This release also supports unlocking iPhone 3G and iPhone 3GS running basebands 04.26.08, 05.11.07 and 05.13.04.

The unlocking process requires a jailbroken iPhone, a step recently simplified by the browser-based jailbreakme.com, which used a PDF font engine exploit to jailbreak the device. The ultrasn0w tool can be found within the Cydia application repository that is installed as part of the jailbreak. The unlock will now allow iPhone 4 devices to be used on any carrier.

David Wong (aka. planetbeing) from the iPhone Dev Team posted about the news on their blog. The video below by TechTechManTV shows an iPhone 4 being jailbroken and unlocked using jailbreakme.com and ultrasn0w:
