Bypass Surgery: Another iOS4 Security Hole Uncovered

Last Friday, MacRumors reader “jordand321” posted the following to the site’s forum:

“I think I just found a security flaw in ios 4.1.

When your iPhone is locked with a passcode, tap Emergency Call, then enter a non-emergency number such as ###. Next tap the call button and immediately hit the lock button. It should open up the Phone app where you can see all your contacts, call any number, etc.”

It wasn’t long before the post grew into a full thread, as other readers confirmed the flaw in both “virgin” and jailbroken flavors of the firmware (as well as 4.0.1, but not 3.x or the newest 4.2 beta), and that the purloined access was limited to contacts, call history, voice mail and favorites. One responder recommended AndroidLock in Cydia to plug the gap, but also scoffed: “Chances are, whoever finds your phone won’t be some iPhone expert. It’s not that big of a deal. Though, you deserve it if you’re careless enough to leave such an expensive piece of technology laying around.” In the interest of completeness, here’s a Brazilian iPhone user demonstrating the workaround:

We at the offices were also able to replicate the flaw — but as we did, we had something of a déjà vu moment/acid flashback. Hadn’t we seen a bug like this somewhere before…? Sure enough, a check of the archives reveals that not only did the iPhone already have a similar passcode-bypass flaw, but back in January 2010 Android had its own problem with its security lock screen.

Add to this Firesheep, the Firefox add-on that lets anyone on the same Wi-Fi network “harvest” other users’ session cookies, and it’s the sort of week that’s enough to make you throw away all your gadgets and become a full-blown Luddite.
