Only two days after Apple released a lock screen fix that allowed unauthorized users to bypass the four-digit PIN code on iPhones and iPads, a new password bypass vulnerability has been discovered.
YouTube user videosdebarraquito was able to bypass the lock screen on an iPhone 4 using nothing more than a paperclip. By locking the device and enabling the Voice Control feature, it is possible to circumvent the lock screen by ejecting the SIM card from its tray at the moment the device starts dialing.
From here, the phone application remains open, allowing access to recent call logs, contacts, and voicemail (if it isn't protected by a separate PIN code). But also from here, photos and video can also be accessed by creating a new contact. When a new contact is created, it opens up access to the photos application — including Camera Roll and Photo Stream.
As soon as the screen turns off, the device locks again, but this can be bypassed with the SIM card tray removal trick.
At ZDNet HQ in New York, we were able to reproduce this bug on an iPhone 4. It also appears this affects iPhone 4S and iPhone 5 users (German) with Siri disabled, as this re-enables Voice Control.
Upon close examination of the screen recording we took, it appears that when Voice Control is used, it loads up the phone application in the background, which as it begins to call immediately it places this in 'background' mode. When the call begins, for a split-second the phone application displays as it transitions away, only to be replaced by the lock screen once the call is ended.
Removing the SIM card seems to 'confuse' the device, resulting in a pop-up display warning that the SIM card has been removed. This stalls the transition and keeps it in active play.
For now, disabling the feature on devices running iOS 6.1.3 appears to fix this bug.
In Settings, tap General, then Passcode Lock. From here, disable Voice Dial on older versions of iPhones, or enable Siri (as this replaces Voice Control) if you have an iPhone 4S or older.
We've put in a request for comment to Apple but did not immediately hear back at the time of writing.