iPhone 2.0.2 security flaw makes private data accessible
While we make great hay about the security built in to OS X, there is apparently a tiny hole in the iPhone that allows someone to access your data and certain apps -- even when you have passcode protection turned on.Here's how it works:
1. You'll have to have some contacts set up with Favorites. If you don't have any favorites, looks like you'll be OK (I went in and added only one favorite, and that's all that appeared when replicating the issue).
2. Each contact setup as a Favorite would likely have an address, phone, email and possibly a link to their website, right? Those are the vectors of entry to the corresponding apps. So, when you get access (described next) using those features will launch those apps completely bypassing the passcode.
3. So you open the phone, and on the passcode screen you click "Emergency Call"
4. Now double-tap the Home button
5. Hey look, your Favorites! Clicking the blue arrow will take you to the contact info. Depending on what that contact has (email, website, etc.) you can access the corresponding applications, free of the concerns of passcode protections.
Gizmodo has a video if you can't stand to read about it.
UPDATE: Commenters are noting that if you set your Home button to access something else (like iPod functions) you won't be able to get to anything else. So it's a kludge, but better than the alternative, I guess.
Thanks to everyone who sent this in!
Share
While we make great hay about the security built in to OS X, there is apparently a tiny hole in the iPhone that allows someone to access...
Add a Comment
I'm sure they will fix this too, would be nice if the flaw dropped the price a bit. I passed on the first version to avoid 1st generation flaws, now AT&T holding me hostage on the promo price til my contract runs out in November, even when I volunteered to contract them 5 more years if I could just get the iphone now at the $299 special! Now this flaw comes out, maybe November is not such a painful wait afterall. :)
August 30 2008 at 1:40 AM Report abuse Permalink rate up rate down Replyi can't even set a pass code now? i usually don't, but sometimes i like to.
August 28 2008 at 8:05 PM Report abuse Permalink rate up rate down ReplyI really like that background you have on your phone. Would you mind sharing? Thanks!
August 28 2008 at 5:31 PM Report abuse Permalink rate up rate down ReplyYou can also set the lock interval to 15 minutes (on 1st gen iPhone) to block this...
August 28 2008 at 4:49 AM Report abuse Permalink rate up rate down ReplyI made my own video since I was bored. Shows accessing contacts, sms and email. Also, current hot fix to keep badies out.
http://www.flickr.com/photos/kirkkohler/2804558905/
I would like to see Emergency Call button call 911 or any contacts you list them as emergency like next of Kim.
August 27 2008 at 9:33 PM Report abuse Permalink rate up rate down ReplyPretty sure this was intended to be a feature and was not an over looked flaw. Granted the "feature" does provide a security hole into some of your data....
Even still you would think the emergency button was for just that, dialing an emergency number which by no ones standards could realistically include personal contacts. In my neighborhood it's 911 and that's pretty much it.
Once you're in the Mail App, you have full access of Contacts... Nice Apple, very nice...
August 27 2008 at 3:53 PM Report abuse Permalink rate up rate down ReplyAlso if you have a web address in an email. You can open safari also.
August 27 2008 at 3:39 PM Report abuse Permalink rate up rate down ReplyYou can send a txt message also once you reach your favorites. Then you can view all your txt messages. You can do the same with email. Just select the email and hit cancel in the message. Boom the mail app is open.
August 27 2008 at 3:36 PM Report abuse Permalink rate up rate down ReplyHot Apps on TUAW
Deals of the Day
more deals- Ventev UltraTHIN Hard Shell Case for iPhone 4 for $2 + $2 s&h, more
- Body Glove Matrix Case for iPhone 4 / 4S for $3 + $2 s&h
- Pogoplug Premium Personal Cloud for PC and Mac for $10 + free shipping
- olloclip 3-in-1 Lens System for iPhone 4 / 4S for $70 + free shipping
- Open-Box Nike Aero Neckband Headphones for $13 + $6 s&h
- Adobe CS5.5 Design Premium Student for PC or Mac downloads for $337
Software Updates
more updatesFeatured Stories
more stories
Popular Stories
TUAW (or The Unofficial Apple Weblog) is a website devoted to tips, reviews, news, analysis and opinion on everything Apple.
31 Comments