The other day Gizmodo discovered a very large security flaw in Apple’s iPhone software. When an iPhone is enabled with a passcode lock, purportedley none of the information within it can be accesed without first entering the code. This however can be circumvented very easily. If you have your iPhone ‘locked,’ it can be circumvented very easily with very little trickery aside. On the ‘lock’ screen, you can still make an emergency call. When you tap that, you can then double-tap the home button to bring up your favorites (assuming you have that set).
The issue is that your favorites are basically the keys to the kingdom. You can tap the blue arrow next to a favorite to gain access to a contact’s information. From there, you can further tap email, a url, or sms to gain access to email, Safari and your bookmarks, or all of your SMSes, respectively.
Rene notes in an email that this is reminiscent of the old PalmOS bug wherein you could still search the device while it was locked. This, though, this is definitely worse.
Thankfully, Apple has the best ROM update system in the entire smartphone industry — able to push out updates to every iPhone via iTunes with minimal carrier delays. Let’s hope we see 2.0.3 very soon. Meanwhile Giz recommends you set that double-tap behavior to either ‘Home’ or ‘iPod’ to temporarily fix the issue.
Of course, this only applies to people who actually use the lock function on their iPhones, the rest of us just live dangerously.
Update: Macrumors reports that Apple is aware of the issue and has a fix on the way:
[...]this security flaw was already reported to Apple earlier this month and has been acknowledged as an issue. A fix will presumably be included in a future firmware update
Related posts:
- iPhone security flaw still exist with firmware 2.1 A while back it was discovered the iPhone had a huge security risk flaw...
- iPhone 2.0.2 security risks After the 2.02.2 update was released it’s been revealed that your private information on...
- Apple Reasures customers that the 2.0.2 security flaw will be fixed in September It’s likely that you’ve heard the latest controversy over a security loophole which was...
- Apple promises to fix new security risk by September Apple has promised to fix a recently found iPhone security risks that would allow...
- Hacker to expose iPhone security on webcast Jonathan Zdziarski, a data-forensics expert, was the saviour who opened up the iPhone to...
Subscribe to Comments
