iPhone security hole — and a fix — discovered
Thu Aug 28, 2008 10:09AM EDT
See Comments (32)
Have password protection enabled on your iPhone? Turns out there's an easy way for attackers to skip the password screen and access your contacts, browse the Web, poke through your e-mail, and even make calls. Luckily, there's an even easier way to patch the hole.
According to Ars Technica, posters on the MacRumors forums discovered the security hole, and it's a pretty big one.
First, for those of you who don't password-protect your iPhones (and if you don't, you should), here's how it normally works: The moment you wake the iPhone, a numeric pad pops up, prompting you for a four-digit passcode—no password, no joy. There's also an "Emergency Call" button that lets you call 911 in a pinch. (You can access the password settings under Settings, General, Passlock Code; I typically set my iPhone to require the passcoode after 15 minutes of inactivity.)
Here's the thing, though—if you double-click the Home key while in the Emergency Call screen, the iPhone will default to your Favorites menu. From there, an attacker could access your e-mail (it's easy—just click a contact's email address, click "Cancel" from the new message screen, and you're in), browse the Web (either through a contact's URL, or through URLs found via Google Maps), and even make calls (just dial a contact's number, then add a call—any call).
Reportedly, Apple already knows about the security hole and is working on a software patch. However, Ars Technica already has a simple solution: Just change the double-click preferences for the iPhone Home button (Settings, General, Home Button) to "iPod" (attackers can watch you videos and listen to your tunes, but that's all), or—even better—to "Home," which simply brings the iPhone back to the password screen.
Also, note to Apple: Would it have killed you to tell us about the security hole and the simple fix?
Related:
Passcode exploit (and fix) found for locked iPhones [Ars Technica]
Top 5 Posts
More About iPhone
Comments on iPhone security hole — and a fix — discovered
Post a Comment
Join in the discussion. Here you'll see the comments in the order they were posted.
-
7 Posted by martintavy on Thu Sep 3, 2009 7:09PM EDT Report Abuse
aint everythings gone be right on the phone especially a computer phone duh
-
8 Posted by cedjam3311 on Thu Sep 3, 2009 3:20PM EDT Report Abuse
I tried to access my phone while in password lock like you said and my phone doesnt allow it, so maybe not all phones are flawed!
-
9 Posted by dietvz7 on Thu Sep 3, 2009 3:43PM EDT Report Abuse
hi apple,why dont you sell your iphones to anybody so you can have a lot of sales..most iphone user are not att ]cuz of the charges,if you you wanna sell big have it open line like nokia,samsung,motorola,this is a free country i guess so let anyone avail of your iphone,,then you'll see how your sale go so very high,,ok..
-
10 Posted by tazorich on Thu Sep 3, 2009 9:57PM EDT Report Abuse
Re: "Wow drums4bch01, guess you would have preferred to be ignorant of the security flaw. Excuse the article for informing you." I find that Apple snobs prefer to remain ignorant, while pretending they're the smartest and luckiest people on earth. For the record, I enjoy my Mac Pro, 20" Intel iMac, and iPhone just fine, thank you. But I know better than to think Apple invented (or perfected) the computer or mobile phones. Yes - much preferred for the flaw to be made public, PROVIDED the workaround is also communicated at the same time, which in this case, it was.
-
11 Posted by tariq22003 on Thu Sep 3, 2009 9:56PM EDT Report Abuse
I agree with Schrodym. Why do you give us an easy solution right after you have just shown the whole world the exact step-by-step formula for hacking into one in the first place. You guys have really made a blunder!
-
12 Posted by finalheaven0 on Thu Sep 3, 2009 3:59PM EDT Report Abuse
wow you are dumb and ONE year late this loophole in the system was how the early iPhone hackers unlocked the first gen iPhones away from AT&T when they first came out heck i did it on my phone to get T-Mobile on it. tell us problems earlier next time
-
13 Posted by lizzyray01 on Thu Sep 3, 2009 6:54PM EDT Report Abuse
You Know What? ----- those people who post comments just to find something to ----- about and someone who will listen to them complain. Thnks for the info and Keep Em' comming for future problems.
-
14 Posted by princesskelso56 on Thu Sep 3, 2009 8:19PM EDT Report Abuse
I just ried it on my phone and it doesn't work.
-
15 Posted by jr8sports@pacbell.net on Thu Sep 3, 2009 4:42PM EDT Report Abuse
Why would you tell everyone about a security flaw before you have a patch for it? So they could all exploit it? What dumb thinking because if you tell the public about the flaw before a patch is released everyone will know how to exploit the flaw. Patterson use some logic.
-
16 Posted by rposton29555sc on Thu Sep 3, 2009 8:53PM EDT Report Abuse
You don't expect Apple to admit to a flaw do you? After all this is the company that sells computers that never crash.(They do) At least MS will admit to flaws. I was given a used iMac lately. It had a large crash log. Worst gift I ever got.
-
17 Posted by jffswlt on Thu Sep 3, 2009 4:34PM EDT Report Abuse
I just updated my 3g and when in the "Emergency Call screen" if I double-click the Home key while in "Emergency Call screen" my phone does nothing.
-
18 Posted by markcap73 on Thu Sep 3, 2009 7:07PM EDT Report Abuse
The article is useful and made me change my settings right away. By the time this article came out, it was probably old news for hackers around the world anyhow.
-
19 Posted by habernaz@sbcglobal.net on Thu Sep 3, 2009 4:15PM EDT Report Abuse
Off-the-cuff comment about iPhone in general: Why no 'Voice Recognition' yet? California 'Hands free' cellular use is a killer for the iPhone. You have to pick up the iPhone to dial then you can use your Bluetooth.....Come on Apple....get with the program. Only phone on the market without it.....
-
20 Posted by kafunmx on Thu Sep 3, 2009 4:46PM EDT Report Abuse
I tryed this out. But security worked well.
-
21 Posted by phhill_09 on Thu Sep 3, 2009 8:09PM EDT Report Abuse
thanks for the info but, it doesnt work. it just goes back to enter your password.
-
22 Posted by robmuan on Thu Sep 3, 2009 8:46PM EDT Report Abuse
If ya don't know how they hack how would you protect yourself. Know your enemy. Some of you have tried and it does not work which mean you are safe...I hate ignorance.
-
23 Posted by sexyprince54 on Thu Sep 3, 2009 9:14PM EDT Report Abuse
Oh no!! Apple will never let us in on the iPhone security flaws until it a little too late. Thank you Apple, for the memories!
-
24 Posted by hock_tooie on Thu Sep 3, 2009 4:19PM EDT Report Abuse
I can't believe some people, ----- ing about being told of a problem. Would you rather Apple had kept quiet about the flaw and let the hackers steal your private data? They informed you of the problem, gave you a fix and still you ----- . MAC forever?. .who do you think makes the MAC. . the same people who make the iPhone. The problem with ALL personal computers and personal communication devices is THE PEOPLE who use/abuse them.
-
25 Posted by cheezew on Thu Sep 3, 2009 3:22PM EDT Report Abuse
Bens just another Apple slammer, cause, they can't write a good article with any meat to it. It does amaze me that they cover him on the internet. Ah, the Internet, another place for a witer, that can't hack"" it in the real world... What's wrong Ben, your book not working out?
Sponsored Links
My Tech
Please enable your browser's cookies to activate the My Tech column.
Also on Yahoo! Tech
| Computers | Home Office | Wi-Fi & Networking | Phones & PDAs | Cameras & Camcorders | TV & Home Theater | Portable Audio |
|---|---|---|---|---|---|---|
6 Posted by jadesharkany on Thu Sep 3, 2009 4:27PM EDT Report Abuse
Wow big companies seem that they would do anything 2 keep the tiniest glitch a secret.