Feb. 14, 2013 at 12:28 PM ET
It may take practice — and really great timing — but anyone can bypass your iPhone's passcode to make calls, send out emails and messages, scroll through your call history and view (and even edit) your contacts.
Adrian D'Urso of JailbreakNation was among the first to explain how one can take advantage of the new security flaw. (He even created a YouTube video to walk folks through the process.) Following D'Urso's instructions, I managed to circumvent the passcode on my own iPhone 5 as well as a co-worker's iPhone 4. Both devices were running iOS 6.1, the latest update, which appears to be at the center of the vulnerability.
All I had to do is open up the iPhone's "emergency call" menu and hold down the top button, as if I was intending to shut the device down. Once the shut down prompt appeared, I canceled out of it, typed in 911, and pretended to be making an emergency call. (It's very important to cancel the call immediately lest it actually go through and cause trouble.)
I next tapped the top button so that the screen went to sleep, then woke the iPhone with a press of the homebutton. Then came the tricky part: I had to hold the top button down and tap the on-screen "emergency call" button just as the shut down prompt was about to appear. (This takes about three to four seconds.) When I got the timing just right, the Phone app showed itself, allowing me to access some iPhone features — as long as the top button stays pressed down. It's weird, but something I could reproduce again and again once I got the hang of it.
It's possible to view contacts, call history and voicemails. It's also possible to edit or create new contacts, and even forward some to other folks. While you can't view SMS, iMessages or emails, it is possible to send them. Initially, it appears as if attempts to make phone calls fail, but you can make a phone call by attempting one, then releasing the top button. (The hack may wear off then, but the pirate call will go through.)
The security flaw reminds us of one which temporarily affected iOS 5 in the past. That one required you to pull out a SIM card — meaning that you'd have to keep a paperclip on hand — while the new trick is all about button pushing.
"Apple takes user security very seriously," an Apple spokesperson told NBC News. "We are aware of this issue, and will deliver a fix in a future software update."So far, it doesn't appear as if there's a any way to protect yourself from it if your device is on iOS 6.1 (and we'd be remiss to suggest that you use an older iOS version, as it might lack some other bug and security fixes).
The only comfort is that taking advantage of this latest security flaw requires practice and great timing — the phonejacker's equivalent of patting your head and rubbing your stomach at the same time.
Want more tech news or interesting links? You'll get plenty of both if you keep up with Rosa Golijan, the writer of this post, by following her on Twitter, subscribing to her Facebook posts, or circling her on Google+.