Last week, we reported a security breach in iOS that allows developers at a security firm to access an iPhone while it sits at the passcode-protected lock screen; moreover, the vulnerability allows them to access all of the iPhone's data, key logs, and other information on iOS devices. The initial report suggested that the team at Micro Systemation used its own in-house tool, named XRY, to accomplish this on an iPhone 4. However, after drawing heavy media attention, the security firm quickly removed the video demonstrating the tool from YouTube.
The secret behind the tool was still unclear, but a prominent figure in the jailbreaking community, Will Strafach aka @Chronic, has just revealed the dirty secret behind their claims: the method they used to deploy their code on the iPhone and access the information. The news is making a big buzz in a community where security exploit brokers are willing to pay more than $250,000 for an iOS exploit. According to him, the Micro Systemation developers used the openly available, open-source limera1n exploit discovered by Geohot, which is currently used by the iPhone Dev Team to bring tethered jailbreaks to older devices on the latest iOS firmware versions.
Chronic reports that the developers used the limera1n exploit in combination with their own custom ramdisk to access the information in the iPhone's memory, and that the custom ramdisk involves no rocket science. Instead, they used a really immature trick to access the data on an iPhone while it is locked. Chronic briefly explains in a note on his blog that their custom ramdisk is only capable of accessing the iPhone when it is locked with the default “0000” passcode; when someone uses a trickier code on an iPhone, it takes a lot of time to access the information.
He also notes that their XRY tool cannot be used on the iPhone 4S, iPad 2, and the new iPad, as these devices carry new-generation processors that are not exploitable with limera1n; the XRY trick is therefore limited to older-generation devices.