Access to bypass iPhone apparent hoax – Update

Mar

8

2016

A message from an “investigation” of Vulnerability Labs, it would be possible to gain access to an iPhone or iPad by using vulnerabilities in links from the events calendar or clock Siri interface appears incorrect.

For completeness, it is still under article here:

In iOS 9.0, 9.1 and 9.2.1 various vulnerabilities have been discovered. With physical access to an iPhone or iPad, it is possible to bypass the password by using vulnerabilities in the left from the clock, evenementenkalender- or Siri interface

A patch is so far not available for the vulnerabilities. According to the discoverer of the vulnerability Vulnerability Lab, Apple was already informed on January 3, but there is as yet done nothing with the information. It was therefore decided to publish the vulnerabilities on Monday 7th March.

By making use of links to the App Store, Buy More Tones or Weather Channel from the clock, calender or Siri interface, an internal browser link can be obtained, making it possible to bypass the password or fingerprint scan. Circumventing the access protection is possible if the default settings are adjusted from the phone.

Vulnerability Lab worked to bypass the passcode four different scenarios. In the first scenario, the attacker asks an existing app via Siri. Then Siri responds with a link to the App Store to look for it. Then a small browser window opens with some apps that meet the search criteria. At that time, it is possible to switch to the internal home screen by doing something with the home button or with Siri. The link to enter the phone is in Siri’s interface and says, “Open App Store. This works according to researchers at the iPhone 5 and 6 with all iOS 9.x versions.

Two of the four attack options work on the iPhone and two on the iPad. That’s because the iPad’s screen is larger and therefore some things differently displays. When Apple comes with a fix for the problem is not known. To secure by turning it to life with an iPhone 5 or 6, or an iPad mini, 1 or 2, the researchers recommend the Siri module, the calendar of events and public panel. The settings of the Weather app must be adapted.

All scenarios and steps to counter the problems can be found on the website of Vulnerability Lab.

Update 18:27: The method only works if the user activates Siri with a finger that is already registered with Touch ID, reports Mac Rumors. The trial run without a pre-established fingerprint, the iTunes store does not open. Therefore seems to be the message of Vulnerability Labs false alarm.

Update 2: To avoid further confusion, is to “bypass Passcode iPhone via leak in iOS – update” the title changed to “Passcode bypassing iPhone apparent hoax – Update”

Viewing:-134

In: Technology & Gadgets Asked By: [15780 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »