iPhone security hole — and a fix — discovered

Thu Aug 28, 2008 10:09AM EDT

See Comments (32)

Have password protection enabled on your iPhone? Turns out there's an easy way for attackers to skip the password screen and access your contacts, browse the Web, poke through your e-mail, and even make calls. Luckily, there's an even easier way to patch the hole.

According to Ars Technica, posters on the MacRumors forums discovered the security hole, and it's a pretty big one.

First, for those of you who don't password-protect your iPhones (and if you don't, you should), here's how it normally works: The moment you wake the iPhone, a numeric pad pops up, prompting you for a four-digit passcode—no password, no joy. There's also an "Emergency Call" button that lets you call 911 in a pinch. (You can access the password settings under Settings, General, Passlock Code; I typically set my iPhone to require the passcoode after 15 minutes of inactivity.)

Here's the thing, though—if you double-click the Home key while in the Emergency Call screen, the iPhone will default to your Favorites menu. From there, an attacker could access your e-mail (it's easy—just click a contact's email address, click "Cancel" from the new message screen, and you're in), browse the Web (either through a contact's URL, or through URLs found via Google Maps), and even make calls (just dial a contact's number, then add a call—any call).

Reportedly, Apple already knows about the security hole and is working on a software patch. However, Ars Technica already has a simple solution: Just change the double-click preferences for the iPhone Home button (Settings, General, Home Button) to "iPod" (attackers can watch you videos and listen to your tunes, but that's all), or—even better—to "Home," which simply brings the iPhone back to the password screen.

Also, note to Apple: Would it have killed you to tell us about the security hole and the simple fix?

Related:
Passcode exploit (and fix) found for locked iPhones [Ars Technica]

 

Comments on iPhone security hole — and a fix — discovered

Post a Comment

Join in the discussion. Here you'll see the comments in the order they were posted.

  • 26 Posted by rickylyciw on Thu Sep 3, 2009 8:40PM EDT Report Abuse

    THIS IS CRAP TO TRY AND BAD MOUTH iPhone. I own an iPhone, version, 2.0.2; and I tried this supposed 'security hole' and IT DID NOT bypass my lock. After clicking on 'Emergency Call' and clicking on 'Home' button twice, it just returned to the lock screen for you to enter the lock code. So, whoever you are, get a real iPhone. Lay off the rumors and junk info...

  • 27 Posted by greenhawaii07 on Thu Sep 3, 2009 4:12PM EDT Report Abuse

    Wow, schrodym and drums4bch01 are either playing dumb or are actually too stupid to realize that both Apple and Microsoft have flaws and it is better to be informed of these so we as consumers can make the choice to try to protect ourselves or stay dumb like both of you. Wake up!!!!!

  • 28 Posted by manubrar92 on Thu Sep 3, 2009 7:05PM EDT Report Abuse

    Wow drums4bch01... "This loser" prolly knows more about computers than you do; you being an ignorant sheep, following Apple unconditionally. Not a single company in the world is perfect; not even Apple. Get over it. The article 'is biased'? what, because it maybe implies that, god forbid, apple ISN'T perfect? Gasp. And for the love of sanity, one question mark will suffice. And for the sake of responding to your pathetic "mac forever" cry: "Ban idiots from teh interwebs, FTW!"

  • 29 Posted by geedgls on Thu Sep 3, 2009 4:07PM EDT Report Abuse

    Hey drums, looks like he's using a Mac to me.

  • 30 Posted by very_critical on Thu Sep 3, 2009 10:33PM EDT Report Abuse

    What the heck people? The author is letting people know about key issues with the Iphone. I work in security/law enforcement. Information is released daily about issues like this. If the author posted the fix to the problem and not the exact problem itself the next thing people will ask is what is the flaw. Get over it. I own a Iphone 3G and use it everyday and think it's the best thing next to sliced bread but never let a person, company, or product blind you to what's going on in the real world.

  • 31 Posted by very_critical on Thu Sep 3, 2009 10:33PM EDT Report Abuse

    What's up with some of you people? The author is letting people know about key issues with the Iphone. I work in security/law enforcement. Information is released daily about issues like this. If the author posted the fix to the problem and not the exact problem itself the next thing people will ask is what is the flaw. Get over it. I own a Iphone 3G and use it everyday and think it's the best thing next to sliced bread but never let a person, company, or product blind you to what's going on in the real world.

  • 32 Posted by elliot_milley on Thu Sep 3, 2009 3:53PM EDT Report Abuse

    Whats the big deal? As far as cell phones go its ok, its nothing special, but I cant imagine getting so excited about poorly developed software

More Posts: First Prev 1 2 3 Next Last

Post a Comment

Sign In to Post a Comment

My Tech

Please enable your browser's cookies to activate the My Tech column.

Also on Yahoo! Tech

Computers Home Office Wi-Fi & Networking Phones & PDAs Cameras & Camcorders TV & Home Theater Portable Audio
 

Site Map | Tour | Subscribe to Yahoo! Tech

Question and Answer content at Yahoo! Tech is written by Yahoo! users at Yahoo! Answers. Yahoo! does not evaluate or guarantee the accuracy of any Yahoo! Answers content. For more information, read the Full Disclaimer.

Opinions expressed by the Advisors are their own and do not necessarily reflect the views of Yahoo! Inc. Yahoo! receives no compensation from any manufacturer or distributor nor does it compensate any Advisor for the coverage of any product or service in any Advisor's content.