Tuesday, 8 October 2013

iPhone iOS 7.0.2 Sim Lock Screen Bypass vulnerability


iPhone iOS 7.0.2 Sim Lock Screen Bypass vulnerability
If you're unlucky enough to lose your Smartphone or have it stolen, anyone who finds the device will also be able to access any content stored on the device, whether its contacts, music or documents.
But by implementing a SIM card PIN lock, everytime the device is powered down and subsequently switch back on again, the PIN will need to enter before the phone can be used.

Security Researcher - Benjamin Kunz Mejri from Vulnerability Laboratory claimed that he found a new vulnerability in the iOS v7.0.1 & v7.0.2, that allows a hacker to bypass the Sim lock Mode.
In a Proof of Concept video, he demonstrates that how an attacker can bypass the restricted section of the iPhone, when Sim Lock is enabled on a Stolen iPhone Device.
Flaw can be exploited without user interaction and successful exploitation results in the bypass of the SIM lock mode to the regular lock mode.
Follow Steps to bypass SIM Lock on stolen Devices:
  1. Turn on your iPhone and ensure you have the iOS v7.0.1 installed and Sim Lock mode is activated.
  2. You will see a black notification in the middle of the display - SIM Locked.
  3. Open the Calendar, and scroll down to the two hyperlinks.
  4. Press the Power button and wait 2 seconds and then press one of the two hyperlinks.
  5. You will be redirected via hyperlink, because of the restriction to the passcode SIM lock.
  6. Press Power button again for 3 seconds and then press the Home button
  7. Click cancel again in the shutdown menu but hold the Home button.
  8. Open up the Control center and go to the calculator. Now a message box appears automatically with the SIM lock
  9. Press the shutdown button for 3 seconds + Unlock Key + Home button.
  10. The Passcode screen will pop up, but you will be again redirected to Calculator.
  11. Now again press the Power button for 3 seconds the  and then press Cancel, at last press the Home button one time.
  12. The Restricted Sim Lock Screen will disappear.
This flaw does not cover Regular Passcode bypass. For that attacker need to use other ways. Shortly after the iOS 7 release date earlier this month, users discovered a lock screen flaw that allowed users to use a simple exploit in order to view private details on the iPhone, iPad or iPod touch.

Apple worked quickly to fix the issue and rolled out iOS 7.0.2, an update aimed at adding Greek keyboard support and tackling the lock screen security flaw. But Just after that another Screen Lock Bypass bug appeared on the Internet. The growing number of iOS 7.0.2 problems are now frustrating iPhone and iPad users.

No comments:

Post a Comment

Popular Posts