Skip to main content

iOS 6.1 security flaw lets users skip lock screen

A four-digit passcode may not be enough to protect your iPhone, thanks to a reported security flaw in Apple's iOS 6.1.

Based on a new method detailed by YouTube user videosdebarraquito, anyone with the updated OS can bypass the password lock and access the Phone app, view or modify contacts, check voicemail, and browse photos.

The grainy demonstration was first posted on YouTube at the end of January, but was picked up today by The Verge, which posted its own, more coherent video.

"Easy trick that allows bypass an iPhone's passcode and get full access (see and edit) to contacts list, list of recent calls, favorite contacts, and even make a call to any phone number on the hacked device and erase the log," the original YouTube video description said.

The hack directs users to open the emergency call functionality available on locked iPhones, push down the power button, and tap cancel. Users are then directed to dial 112, tap green and then immediately red before returning to the passcode screen.

"Keep pushing down the power button ...1...2...3...seconds and before showing the slider 'turn off'...tap the emergency call button and ...voilá!" the instructions read. "Then without releasing the power button press the home button."

"For prank your friends... For a magic show... Use it as you want, at your own risk, but... please... do not use this trick to do evil!!!" the YouTube poster wrote.

Apple did not immediately respond to a request for comment.

A similar glitch a couple of years ago allowed access to locked iPhones running iOS 4.1. The late 2010 hack followed the same process, but ended a couple of steps earlier. At the time, Apple acknowledged the issue and promised to deliver a fix with iOS 4.2.

This is not the only bug to plague iOS 6.1, however. Apple also identified a fix for an iOS 6.1 Microsoft Exchange bug that left iPhones and iPads running the latest OS with "excessive logging" on the server. The problem was traced to Apple code, which will be fixed in an "upcoming" software update, according to the company.