August 27, 2008
iPhone Security Flaw Discovered, Lock Code Can be Bypassed

You're not going to like this one.
According to Macworld UK and the MacRumors forums, a locked iPhone can be accessed by anyone with the right sequence of button presses:
Pressing the emergency call button at the unlock screen, followed by two taps on the home button, takes you to the iPhone's private 'favorites' page without the need to enter the unlock code. If the owner of the phone has favourite entries in their address book containing URLs, email addresses or mobile phone numbers, then those entries can be used to launch the browser, mail application or SMS (Short Message Service) software and gain access to private web favourites, email messages and text messages stored in the phone, again without entering the unlock code.
The security hole, which was recently discovered by a MacRumors forum user, apparently came as a surprise to an Apple spokeswoman in London, who mentioned that she'd look into the matter.
In the meantime, private data can be kept secret by not adding e-mail addresses or URLs to favorite address book entries.
Stay tuned for more details as they become available and let us know what you think over in the comments or forums.
Posted by chrisbarylick at August 27, 2008 9:47 AM
Category: iPhone
Tags: Apple, button, code, favorites, handset, home, iPhone, London, mail, screen, security flaw, SMS, tap, unlock, URLs
Comments
Hmmm...just tried this sequence on my 1st gen iPhone (still with 1.1.3) and it immediately returns you to the Passcode Entry screen.
Could this be a 2.x bug only?
Posted by: QSilver at August 27, 2008 10:51 AM
Apparently, it is a 2.0 fault.
But you can stop the flaw in its tracks by setting your Home Button to go back to Home when double tapped (instead of Favorites). In that case, it will bring you back to the passcode screen when the unit is locked.
Posted by: rwahrens at August 27, 2008 12:40 PM
2.0.2 user here with no such "flaw" even with my Home button set to favorites.
Posted by: Anonymous at August 27, 2008 6:41 PM
This is not a bug; it's just the way it's designed. If you don't have anything in your favourites you can't get anyway, but once you can get to the Mail application or a Browser it's difficult to sandbox what you're able to do once you get that far.
I suppose you can argue that you shouldn't be able to see all contacts and only the contacts that are in your favourites.
Posted by: Robert Nicholson at August 27, 2008 8:27 PM
rwahrens' fix also works if you have the Home button set to go to the iPod on double click. The would-be data thief gets to listen to your music, but can't get anywhere else on your phone.
Posted by: Anonymous at August 28, 2008 2:35 PM
As I understand it, from what I have read about this problem over the last week or so, the "evil doer" actually has to have physical possession of the iPhone in question. It is not a hack, virus, or worm. In my opinion anyone who lends his iPhone to anyone, or who doesn't leave it securely hidden when he/she does not wish to have it in their possession, has no valid reason to complain if they are "burgled". As they say in the X Files; "Trust no one".
Posted by: Anonymous at September 1, 2008 2:48 AM










