Skip to content

Posts tagged ‘keylock’

23
Nov

iOS 4.2.1 Released with Free “Find My iPhone”

Apple has finally released the highly-anticipated iOS 4.2 (actual version is 4.2.1), bringing support for the iPad along with several other feature including AirPlay and AirPrint.

Along with this release, Apple has made the “Find My iPhone” functionality in MobileMe free to all iPhone, iPad and iPod Touch device owners. This service uses a combination of GPS, cell tower and wifi-network triangulation to obtain the location of the device, which can then be mapped. It also allows you to send messages, lock or completely wipe the remote device. To use this feature, you’ll need add a MobileMe account using your iTunes Apple ID by going to Settings > Mail, Contacts, Calendars > Add account. You can then track your device using the Find My iPhone app available in iTunes, or using the MobileMe web interface.

Users concerned about the privacy implications of this feature can easily disable it by going to Settings > Mail, Contacts, Calendar > Select your MobileMe account > Set ‘Find My iPhone’ to Off. Have a look at Apple’s KnowledgeBase article for more info on this feature.

iOS 4.2.1 brings with it a number of security updates (including Safari and numerous WebKit patches). Although it’s not mentioned in the update details, the previously-reported cool-but-deadly keylock bypass vulnerability has been fixed. Hit the jump for full details.

Related: Protecting and Recovering Your iPhone and iPad from Loss and Theft!

Read moreRead more

4
Nov

iOS 4.2 Update Fixes Passcode Bypass Bug

The upcoming iOS 4.2 update, recently seeded to developers, fixes the recently-discovered keylock/passcode bypass bug. The bug allows any user with access to a locked iPhone to make phone calls, view/modify contacts, and send/view emails, by exploiting a simple bug on the “Emergency Call” screen.

Full details of security patches in this update will be announced upon release.

[Update] iOS 4.2.1 has been released.

26
Oct

Making Calls Using Keylock Bypass Bug on iOS 4.1

A keylock bypass bug has been found in iOS 4.1 which allows unauthorised users circumvent the passcode screen to make calls. It’s a pretty simply trick which involves entering a number (eg. 1) on the ‘Emergency Call’ screen, pressing Call and then immediately pressing the lock button. This brings up the Phone app where the user can pick a name from the contact list, or enter a phone number of their choice. To return the phone to normal (without rebooting it), just hold down the Home button until the Voice screen comes up, press Cancel, and then the lock button.

You are able to add/delete contacts, and open the Mail app by sharing a contact where you can then create and send emails.

Here’s a demo:

I’m running 3.1.3 on an iPhone 2G, and for some reason I can make arbitrary calls directly from the Emergency Call screen without any fancy tricks. Go figure.

These kinds of vulnerabilities are not unique to iPhones however, with similar bypass bugs being found in some Android-based phones.

[Update] Thanks Andy for clarifying what an attacker can do using this technique.

[Update 2] This bug has been fixed in the iOS 4.2 update.

css.php