iPhone 2.0.2 security flaw makes private data accessible
While we make great hay about the security built in to OS X, there is apparently a tiny hole in the iPhone that allows someone to access your data and certain apps -- even when you have passcode protection turned on.Here's how it works:
1. You'll have to have some contacts set up with Favorites. If you don't have any favorites, looks like you'll be OK (I went in and added only one favorite, and that's all that appeared when replicating the issue).
2. Each contact setup as a Favorite would likely have an address, phone, email and possibly a link to their website, right? Those are the vectors of entry to the corresponding apps. So, when you get access (described next) using those features will launch those apps completely bypassing the passcode.
3. So you open the phone, and on the passcode screen you click "Emergency Call"
4. Now double-tap the Home button
5. Hey look, your Favorites! Clicking the blue arrow will take you to the contact info. Depending on what that contact has (email, website, etc.) you can access the corresponding applications, free of the concerns of passcode protections.
Gizmodo has a video if you can't stand to read about it.
UPDATE: Commenters are noting that if you set your Home button to access something else (like iPod functions) you won't be able to get to anything else. So it's a kludge, but better than the alternative, I guess.
Thanks to everyone who sent this in!
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 1 of 2)
Marco F. said 9:39AM on 8-27-2008
Yup, a very nice security hole.
However, how many people have the PIN protection at lock enabled? I don't .. which is an even bigger privacy risk indeed.
Reply
kirk said 10:39AM on 8-27-2008
Most MS Exchange Active Sync setups require the phone to have the PIN lock.
This isn't good for the Apple in the Enterprise people since Apple did make the 2.0 software enable the require the PIN lock policy, then made it easy to subvert. I would imagine a fix coming very, very soon.
Then again, I use 1234 as my pin lock so I'm not a poster boy for security.
BobbyBeats said 9:52AM on 8-27-2008
This only works if you have your double tap home button set up to show your icons. when I tried this my iphone brought my to my ipod as that is how I have it set up
Reply
julian said 3:19PM on 8-27-2008
I can confirm this.
BobbyBeats said 9:54AM on 8-27-2008
and by show icons I mean favorites...still early
Reply
Sean said 9:58AM on 8-27-2008
This works on my iphone too which is still using the 2.0.0 firmware.
Reply
VaughnB said 9:58AM on 8-27-2008
Before panic breaks out in all of fandom...you can easliy correct this problem by changing the "Home Button" setting under general to go to the iPod or Home when you double click.
Crisis Averted!
Settings >General>Home Settings
Reply
bbock said 10:02AM on 8-27-2008
The problem is bigger than that. Using the emergency button, I can dial any number. So someone who steals or finds your phone can hit the emergency call button and then dial any number they want. This sucks. What the hell were they thinking? What I WOULD like is a button that shows up on the lock screen that says OWNER INFO so that if someone finds my phone they can email me, or phone another number. BUT ONLY THAT.
Reply
Harbinger said 10:22AM on 8-27-2008
How about this one, you have someone's pin-locked phone. You plug it into your laptop. You jailbreak it, install the necessary apps, and pull any of the data off the phone. Unless the data is encrypted, if you have physical access you have everything.
Reply
Jash Sayani said 10:56AM on 8-27-2008
Exactly. If you have physical access to the phone then getting the data out is just a piece of cake. This flaw doesn't affect much.
Gregg said 11:15AM on 8-27-2008
If you don't have any favorites the flaw does nothing.
It may also mean you have no friends but thats another problem in its self.
Reply
fred said 11:27AM on 8-27-2008
wait but wouldn't having double tap set to do something else (like open ipod) just stop this flaw?
Reply
joshua levitsky said 12:41PM on 8-27-2008
Yes you are right setting it to iPod would fix it for -you-, but if you run a business with, let's say, 100 iPhones out there and you care about protecting information then to say that all the users should know enough not to pick Phone Favorites is just not going to fly, and if you email them to warn them then all that happens is now they know about Phone Favorites and they say... "Hey I love this.. I'm going to enable it so I don't need my password." and then you've got 100 problems where before maybe you had 5.
I'm sure apple will fix it. I reported it as I'm sure other enterprise customers have also. Sadly the person that posted the details didn't bother to let Apple know in advance. Guess they are just a jerk.
olivier said 11:45AM on 8-27-2008
apple, please don't fix this, I love it, makes accessing my Favorites so much easier!
Reply
appleboy said 12:40PM on 8-27-2008
the first time i did it i when to a black screen, now it shows my wallpaper. no buttons to press?? hmm
Reply
sj said 12:54PM on 8-27-2008
this also affects 2.0.1. isnt this a similar method that was used to perform the jailbreak in an older firmware where you had a contact with the URL jailbreakme.com?
Reply
Zyber said 1:37PM on 8-27-2008
You can see all the contacts by going to a different app the double-tapping the home button to go to the favs again and it shows all your contacts
Reply
totoro said 1:52PM on 8-27-2008
Weird. My home button always went to Home-if that wasn't the default, I must have changed it way back on my EDGE iPhone, and it got transferred to my 3G?
Reply
Adam said 1:57PM on 8-27-2008
Im on 2.0.1, and when i do this, i am able to access my music.
Reply
Bill said 2:54PM on 8-27-2008
I tried this after I read this and it went to the iPod screen. Since I had never set this I believe that this is the default setting. Which if you think about it is a pretty good idea if you use, like me, your iPhone as both a phone and an iPod. After experimenting a bit the 'feature' works differently if you are listening to something or not. This is pretty useful feature for those of us who use our iPhone as iPod's as well. And as far as I can tell you can't get out out the iPod side of the phone without entering your access code.
Reply