The new iPhone 5s has a lot of mechanisms designed to help the owners of stolen devices in making sure the thieves can’t gain access to their data. However, experts from Germany’s Security Research Labs (SRLabs) have demonstrated that they can be easily bypassed.
Now that iOS 7 and iPhone 5s are out, everyone wants to take a crack at it. Researchers from all over the world are presenting scenarios in which the iPhone’s security systems are bypassed.
In a video demonstration they’ve published, SRLabs experts show how a thief can bypass all security features and even hijack Apple accounts.
Once their phone is stolen, iPhone owners might initiate a remote wipe to make sure the thief can’t gain access to their data. However, the remote wipe doesn’t work if the phone is in airplane mode.
By putting the device in airplane mode, the thief has all the time in the world to bypass the lockscreen and even gain access to the victim’s information by hacking his Apple account.
The fingerprint scanner can be tricked, as other experts have already demonstrated. Of course, in some cases, the thief might get lucky and unlock the device by trying the most common 4-digit PINs, such as 1111, 0000 or 1234.
Once he has access to the iPhone, the thief can get the Apple ID and request a password reset. If Wi-Fi is enabled on the stolen device, the password reset email arrives before the remote wipe kicks in.
If he’s careful to quickly deactivate the Wi-Fi immediately after hearing the “email received” tone, he can prevent the phone from being wiped.
After changing the password, it doesn’t matter if the data from the iPhone is remotely wiped, because the attacker can later restore the data from the victim’s iCloud.
Check out the interesting 6-minute demonstration made by the German researchers: