This is not a complete unlocking of the phone – instead, some sort of bug/race condition that tricks the phone into giving you access to the contacts and phone application. People have reported this working with an iPhone 5 with iOS 6.01, 6.02 and 6.1.
I can confirm this is working on an iPhone 4S with iOS 6.1.1
Update 21 Feb 2013: Confirmed still working with iOS v6.1.2 (10B146).
What this means is that anyone with physical access to your locked phone can
Make phone calls from your phone
Manipulate the call history to hide their calls
See who you have been calling and who has been calling you
View/modify your contacts
Listen to your voicemail messages
Potentially change your voicemail greeting and other settings.
There is nothing you can do right now, other than be extra vigilant about leaving your phone lying about. The takeaway message here is that your iPhone’s passcode does not protect it as much as you would expect.
find out personal and financial information about you
In short, other people having access to your email is A Bad Thing™
Protect access to your accounts by using “Two Factor Authentication”. Your password is one “factor” by which you authenticate to a website. But passwords are guessed or stolen all the time. A second “factor”, like posession of your mobile phone, is a useful second check.
When you use two-factor authentication you raise a high barrier for anyone wanting to take over your account. Try it by giving your email password to a friend and asking them to login to your webmail from their computer. They won’t be able to, without having the unique, one-time code that your phone gives you!
You will need to enable two-factor authentication for each separate website (or service) that supports it.