Apple iOS Passcode Lock Security Bypass Vulnerability

Published: 2013-02-18
Updated: 2013-02-20

Affected systems:
Apple iOS 6.1 (10B143)
Description:
--------------------------------------------------------------------------------
BUGTRAQ  ID: 57990
 
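Apple iOS is the operating system for handheld devices developed by Apple.

Apple iOS 6.1 (10B143) and other versions contain a security vulnerability in the main login module when handling a mixed sequence of events involving the screenshot function, the emergency call and the power button. A local attacker can bypass the passcode lock over USB once the black screen appears. The vulnerability can be exploited by a local attacker without a privileged iOS account and without user interaction. Successful exploitation can lead to unauthorized device access and information disclosure.

<*Source: Benjamin Kunz Mejri

  Links: http://seclists.org/fulldisclosure/2013/Feb/90
         http://seclists.org/fulldisclosure/2013/Feb/98
 *>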

Test method:
--------------------------------------------------------------------------------

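Warning

The following procedure (method) may be offensive in nature and is provided for security research and teaching purposes only. Use at your own risk!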
Proof of Concept:
=================
The local code lock bypass vulnerability to access the iphone or ipad can be exploited by local attackers without required user interaction or privileged iOS user account. For demonstration or reproduce ...

Manual steps to reproduce ... #2

0.  Connect your device with itunes and the appstore to make sure the code lock is activated
1.  Push the power button (top|right)
2.  The mobile will be activated and the iOS code lock will be visible
3.  Now, you click on the emergency call
4.  Try to dial any random emergency call number from a public listing (we used 911, 110 and 112)
5.  Call the number and cancel the call directly after the dial without a direct connection to the number
6.  Push again the power button and push after it the iphone button (square) in the middle
7.  In the next step you push the power button 3 seconds and in the third second you push also with one finger the square and with another the emergency call button
8.  After pushing all 3 buttons you turn your finger off the square (middle) button and after it off the power button
9.  The display of the iOS will be black (blackscreen)
10. Take out your usb plug and connect it with the iOS device in black screen mode
11. All files like photos, contacts and co. will be available directly from the device harddrive without the pin to access. Successfully reproduced!
 
Video: http://www.vulnerability-lab.com/get_content.php?id=874
 Public Video: http://www.youtube.com/watch?v=DiHz_jkWjsE
 
0.  http://i45.tinypic.com/2lrfgi.png
 1.  http://i48.tinypic.com/10odysn.png
 2.  http://i50.tinypic.com/6p181s.png
 3.  http://i50.tinypic.com/i4l6r9.png
 4.  http://i48.tinypic.com/102nqlu.png
 5.  http://i50.tinypic.com/2a9pqqf.png
 6.  http://i48.tinypic.com/acsv1c.png
 7.  http://i50.tinypic.com/2rcs6dz.png
 8.  http://i48.tinypic.com/etbs09.png
 9.  http://i50.tinypic.com/23vx5xf.png
 10. http://i46.tinypic.com/261i1hd.png
 11. http://i48.tinypic.com/acsv1c.jpg
 12. http://i46.tinypic.com/2u7x4k7.png
 13. http://i47.tinypic.com/k0fzmw.png
 14. http://i50.tinypic.com/28mnuw1.png
 15. http://i48.tinypic.com/241qd5z.png
 16. http://i47.tinypic.com/spximw.png
 17. http://i45.tinypic.com/27xil8w.png
 18. http://i47.tinypic.com/3090fad.png
 19. http://i46.tinypic.com/2vtv5h0.jpg

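Recommendation:
--------------------------------------------------------------------------------
Vendor patch:

Apple
-----
The vendor has not yet provided a patch or upgrade. Users of this software are advised to watch the vendor's home page for the latest version:

http://support.apple.com/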
