Money Matters - Simplified

Field day for Hackers? Vulnerability threatens security of iPhones

Gone are those days when one felt that the password key meant safety and security for the iPhone 5!! Every other day we get some new information regarding the sharp mindedness of the hackers. This time a new vulnerability has been unearthed in the iPhone lock screen allowing the hackers to gain access to personal information and bypass the password locks of the user.

The Full Disclosure report

You can set the thought aside that your iPhone 5 is invincible, as the Full Disclosure report by the Vulnerability Lab detected a snag in it. This was given in details on the Threatpost blog of Kaspersky Labs that Hackers can misuse the Emergency Call Function to peek into the lock screen of the iPhone. This vulnerability gives the attacker the total access to voicemails, contact lists, personal information and photos of the user.

The details of Hacking

"The exploit involves manipulating the phone’s screenshot function, its emergency call function and its power button," stated the write up by Threatpost.com. "Users can make an emergency call (911 for example) on the phone and then cancel it while toggling the power on and off to get temporary access to the phone." reported the Threatpost.com.

Let’s look into the way the hackers work:

In the beginning make a code lock check. If it works adequately, then flick the power button. After this open the option of the emergency call button. After that dial the emergency numbers like 110, 911 or 112.

While the call is being processed, cancel the requested number and turn off the mobile by pushing the power switch on the top right hand corner. After that push the top right power button again and switch to the device pin or code lock again. Once again push the power button on the top right hand corner, keeping it pressed for three seconds.

In the 3rd second again press the emergency call button. A screen pops up, announcing the commencement of shut down procedure. Here comes the catch - as long as the hacker is holding the power button he can dial any unknown number to call and also get an access to the address book of the mobile.

This process even makes the voice mail accessible to the attacker. Any number can be then dialed from the mobile if the top right corner button is pressed while making the call.

After this the hacker can get the phone data through the computer, by attaching a USB cord to the smartphone. This vulnerability threatens iPhone 5 devices that run on the iOS 6.1.

The Full Disclosure report states "The vulnerability allows the local attacker to bypass the code lock in iTunes and via USB when a black screen bug occurs," The report further writes "Successful exploitation of the vulnerability results in unauthorized device access and information disclosure."

Apple remains mum on the issue.