iPhone 2.0.2 security flaw makes private data accessible

While we make great hay about the security built in to OS X, there is apparently a tiny hole in the iPhone that allows someone to access your data and certain apps -- even when you have passcode protection turned on.

Here's how it works:
1. You'll have to have some contacts set up with Favorites. If you don't have any favorites, looks like you'll be OK (I went in and added only one favorite, and that's all that appeared when replicating the issue).
2. Each contact setup as a Favorite would likely have an address, phone, email and possibly a link to their website, right? Those are the vectors of entry to the corresponding apps. So, when you get access (described next) using those features will launch those apps completely bypassing the passcode.
3. So you open the phone, and on the passcode screen you click "Emergency Call"
4. Now double-tap the Home button
5. Hey look, your Favorites! Clicking the blue arrow will take you to the contact info. Depending on what that contact has (email, website, etc.) you can access the corresponding applications, free of the concerns of passcode protections.

Gizmodo has a video if you can't stand to read about it.

UPDATE: Commenters are noting that if you set your Home button to access something else (like iPod functions) you won't be able to get to anything else. So it's a kludge, but better than the alternative, I guess.

Thanks to everyone who sent this in!
Share