Threatpost | Chris Brook | Feb 14, 2013 - 8:36 p.m.

New iOS 6.1 Flaw Allows Access to iPhone's Contacts, Photos


EPSS: 0.001 (Low), percentile 18.5%

UPDATE – With enough work, users can bypass the lockscreen on Apple’s ubiquitous iPhone by exploiting a flaw in its most recent operating system, iOS 6.1. By simply making an emergency call and holding down the power button on an iPhone twice, users can gain access to the device’s phone feature, view and edit contacts, check voicemail and look through photos, according to reports today.

[youtube http://www.youtube.com/watch?v=MDkLpj3MM-c&version=3&hl=en_US]

According to Gizmodo UK, a video posted to YouTube two weeks ago by the user videosdebarraquito breaks down the lockscreen trick. The video appears to involve a lot of arbitrary button pushing and tricking the phone into thinking it’s being turned off before placing an emergency call and cancelling it. Once in, however, users are granted access to a handful of the device’s functions. The phone’s keypad, contacts and voicemail are accessible, and by electing to add a photo to a new contact, one could easily skim through the phone’s photo gallery.

For those who follow iPhone security, this may sound all too familiar. Around this time last year, researchers found a problem (CVE-2012-0644) with iOS 5’s missed call notification. Much like the recent flaw, the iOS 5 flaw made it easy to access a user’s contacts, recent calls, voicemails and text messages.

While last year’s passcode vulnerability was patched in the following month’s security update, iOS 6.1 was only released two weeks ago. When contacted Thursday, Apple confirmed the vulnerability and directed us to a statement made by company spokeswoman Trudy Muller.

“Apple takes user security very seriously,” Muller told tech blog AllThingsD. “We are aware of this issue, and will deliver a fix in a future software update.”
