An authentication passcode bypass vulnerability has been discovered in iOS v9.0, v9.1 and v9.2.1 by Vulnerability Laboratory.
The passcode protection mechanism bypass vulnerabilities can be exploited by local attackers with physical device access and without a privileged or restricted device user account.
For security demonstration or to reproduce the vulnerability, follow the information and steps provided below.
1.1
Manual steps to reproduce the vulnerability … (Siri Interface – App Store Link) iPhone (Models: 5, 5s, 6 & 6s)
1. Take the iOS device and lock it so that the passcode screen is at the front
2. Activate Siri via the Home button (push for 2 seconds)
3. Ask Siri to open a non-existing app
Note: “Open App Digital” (Öffne App Digital)
4. Siri responds to the non-existing app and asks to search in the App Store
5. Now an “open App store” button becomes visible to push (do it!)
6. A new restricted browser window opens with the App Store bottom menu links
7. Click on Updates and open the last app, or push the Home button twice to let the task slide preview appear
8. Now choose the active front screen task
9. Successful reproduction of the passcode protection bypass vulnerability!
1.2
Manual steps to reproduce the vulnerability … (Clock & Timer – Buy more Tones Link) iPhone (Models: 5, 5s, 6 & 6s)
1. Take the iOS device and lock it so that the passcode screen is at the front
2. Activate Siri via the Home button (push for 2 seconds)
Note: “Open World Clock” (Öffne App Weltuhr)
3. Push the ‘Timer’ module button at the bottom
4. Now, push the Radius or End Timer button in the middle of the screen
Note: A listing opens with the sounds collection, and on top is a web link commercial
5. Push the button and a new restricted browser window opens with the App Store bottom menu links
6. Click on Updates and open the last app, or push the Home button twice to let the task slide preview appear
7. Now choose the active front screen task
8. Successful reproduction of the passcode protection bypass vulnerability!
Note: The vulnerability can also be exploited by pushing the same link in the Alerts Timer (Wecker) next to adding a new one.
1.3
Manual steps to reproduce the vulnerability … (Clock World – Weather Channel Image Link) iPad (Models: 1 & 2)
1. Take the iOS device and lock it so that the passcode screen is at the front
2. Activate Siri via the Home button (push for 2 seconds)
Note: “Open App Clock” (Öffne App Uhr)
3. In the bottom module menu, switch to World Clock
Note: On the bottom right is an image of the Weather Channel LLC network
4. Push the image of the Weather Channel LLC company in the world map picture
Note: Weather app needs to be deactivated by default
5. After pushing the button, a new restricted browser window opens with the App Store bottom menu links
6. Click on Updates and open the last app, or push the Home button twice to let the task slide preview appear
7. Now choose the active front screen task
8. Successful reproduction of the passcode protection bypass vulnerability!
Note: The issue is limited to the iPad 1 & 2 because of the extended map template!
1.4
Manual steps to reproduce the vulnerability … (Events Calendar App – Weather Channel LLC Link) iPad (Models: 1 & 2) & iPhone (Models: 5, 5s, 6 & 6s)
1. Take the iOS device and lock it so that the passcode screen is at the front
2. Activate Siri via the Home button (push for 2 seconds)
Note: “Open Events/Calendar App” (Öffne Events/Kalender App)
3. Now, at the bottom of the screen next to the Tomorrow (Morgen) module, push the ‘Information of Weather Channel’ link
Note: Weather app needs to be deactivated by default
4. After pushing the button, a new restricted browser window opens with the App Store bottom menu links
5. Click on Updates and open the last app, or push the Home button twice to let the task slide preview appear
6. Now choose the active front screen task
7. Successful reproduction of the passcode protection bypass vulnerability!
Here is the video demonstration:
For more info check this link.
March 7, 2016