SIM card PIN lock is usually implemented at the very basic level to ensure the security of your handset’s data in case you lose it. In the case of an iPhone running iOS 7.0.1 or 7.0.2, this may no longer be effective. A new vulnerability has been discovered in the aforementioned firmware versions, allowing a hacker to bypass SIM lock screen.
The critical vulnerability has been discovered by security researcher Benjamin Kunz Mejri. Mejri posted a proof of concept video online in which he demonstrates how the SIM lock screen of an iPhone handset running iOS 7.0.1 or iOS 7.0.2 can easily be bypassed by someone who doesn’t know the PIN.
In bypassing the SIM lock screen, Mejri used the following steps:
Step 1: Turn on iPhone running iOS 7.0.1 or 7.0.2. SIM lock screen should be activated on the handset.
Step 2: Now open Calender and scroll to the two hyperlinks. Press Power button, wait for two seconds and then click one of the hyperlinks.
Step 3: The hyperlink will be redirected due to lock screen. Press Power button again for 3 seconds and then hit the Home button.
Step 4: While holding the Home button, choose ‘Cancel’ in the shutdown menu. Open the Control center and navigate to Calculator app.
Step 5: A message box with SIM lock will appear on screen. Now Press Home Button for 3 seconds while at the same time, hitting the ‘Unlock’ key as well as the Home button.
Step 6: Passcode screen will pop up and then you will automatically be redirected to the Calculator app.
Step 7: Finally, press Power button for 3 seconds. Then press Cancel and hit the Home button once.
Step 8: The SIM lock screen will automatically disappear and you will have direct access to the phone’s contents.
While SIM lock screen is very important, it is complemented by the regular Passcode security which is used by most iPhone users. Unfortunately, there even exists a quick iPhone Passcode bypass. This means that your iPhone’s security is very vulnerable and if you lose it, someone will be able to access its content without any hassles.
Source: Vulnerability Lab
Courtesy: The Hacker News