UPDATE: Major iPhone security vulnerability warning - temp. fix found

Wed, 08/27/2008 - 05:06 — Andy Space

A major security vulnerability has been identified within the iPhone 2.0.2 software - a flaw which affects users who have password-protected the device...

The simple trick "gives anyone full access to your Mail, SMS, Contacts, and Safari," reports a member of the MacRumors forum.

And the trick requires the technological skills of a five-year-old: essentially, someone trying to access a password-protected iPhone simply needs to tap the emergency call button, and then double tap the home button and then...

An unapproved user doing this would land in the iPhone owner's favourites area. If the iPhone has web addresses, phone numbers or email addresses stored there, then the invader can gain access to this information.

There's a video detailing the flaw on the Gizmodo website.

UPDATE: iPhone users who want to guard against this flaw have a really simple solution: in Settings, under General, open the Home Button settings and switch double-clicking from 'Phone Favorites' (the default) to 'iPod'. Then all any space invader will gain is access to your music collection. Perhaps that should be the new default, pending a repair? (Thanks to reader 9to5Noob for the suggestion.)

UPDATE 2: From a 9to5Mac reader (who cites MacRumors for this tip) in comment below: "a better option is to switch double-clicking to 'Home Page' rather than 'iPod' which then returns to the passcode entry screen rather than give access to the iPod contents. This is from another posting in the MacRumors forum so not claiming credit for this."


Comments

a problem.
But hey, I have my double-tap home button set to iPod.
So all you can do without my code is to use my iPod, and that is OK. I don't have anything on there that others must not see/hear.

 That's an interesting solution

And, lo and behold - it's in there as a choice - so the only thing that needs doing is for Apple iPhones to ship with this enabled as a default. And for users to change across to that.

I'll update the story.

Nice one.

 

Chilling?

Don't you think using the word "chilling" in this case is just a tad bit...sensationalist?

Yes this is a pretty serious flaw, but "chilling"? It's not like someone can completely hijack your phone or completely steal all your data... They would still need to write this out by hand.

 Yeah, I agree. I pulled the word out.

Emergency Call

But can't you use the "emergency call" function to call anyone you like anyway - so it does defeat the purpose of locking your phone as it would still be usable (for making calls) should somebody steal it. I don't care if they start emailing my contacts but don't want them to run up a bill!

Yes, from 'Emergency Call' you can pretty much get anywhere - that's how some of the early jailbreaks were installed. You can get right into the OS and modify preferences - including, presumably, removing the PIN. You can also use Safari and browse the web etc.

I thought the security rule was that if they had physical access to it, it was compromised if you can't bork/wipe it or encrypt it. Still stands here.

As a workaround until fixed, a better option is to switch double-clicking to 'Home Page' rather than 'iPod' which then returns to the passcode entry screen rather than give access to the iPod contents. This is from another posting in the MacRumors forum so not claiming credit for this.
