iPhone security hole — and a fix — discovered

Thu Aug 28, 2008 10:09AM EDT


Have password protection enabled on your iPhone? Turns out there's an easy way for attackers to skip the password screen and access your contacts, browse the Web, poke through your e-mail, and even make calls. Luckily, there's an even easier way to patch the hole.

According to Ars Technica, posters on the MacRumors forums discovered the security hole, and it's a pretty big one.

First, for those of you who don't password-protect your iPhones (and if you don't, you should), here's how it normally works: The moment you wake the iPhone, a numeric pad pops up, prompting you for a four-digit passcode—no password, no joy. There's also an "Emergency Call" button that lets you call 911 in a pinch. (You can access the password settings under Settings, General, Passlock Code; I typically set my iPhone to require the passcode after 15 minutes of inactivity.)

Here's the thing, though—if you double-click the Home key while in the Emergency Call screen, the iPhone will default to your Favorites menu. From there, an attacker could access your e-mail (it's easy—just click a contact's email address, click "Cancel" from the new message screen, and you're in), browse the Web (either through a contact's URL, or through URLs found via Google Maps), and even make calls (just dial a contact's number, then add a call—any call).

Reportedly, Apple already knows about the security hole and is working on a software patch. However, Ars Technica already has a simple solution: Just change the double-click preferences for the iPhone Home button (Settings, General, Home Button) to "iPod" (attackers can watch your videos and listen to your tunes, but that's all), or—even better—to "Home," which simply brings the iPhone back to the password screen.

Also, note to Apple: Would it have killed you to tell us about the security hole and the simple fix?

Related:
Passcode exploit (and fix) found for locked iPhones [Ars Technica]

 

Comments on iPhone security hole — and a fix — discovered


  • 2 Posted by schrodym on Thu Sep 3, 2009 9:08PM EDT

    Nice of you to share the (albeit simple) way to hack a locked iPhone. It is definitely a newsworthy story, both to alert people whose privacy might be at risk, and also to let a little air out of the faithful's sails. However, I feel posting the step-by-step procedure for hacking a locked device was irresponsible. Some folks might still have been stopped by the password if you hadn't just taught them the way around it. Of course, as my grandmother used to say, "locks are made to stop the honest people".

  • 4 Posted by drums4bch01 on Thu Sep 3, 2009 3:48PM EDT

    Just the one comment I have in regards to this loser's article is: do you think Microsoft tells everybody about the security flaws on their crap products even though they know about them?? HUH!?? Just another biased article from PC lovers. MAC forever!!

  • 5 Posted by hosinfefer24 on Thu Sep 3, 2009 4:20PM EDT

    Wow drums4bch01, guess you would have preferred to be ignorant of the security flaw. Excuse the article for informing you.

  • 6 Posted by jadesharkany on Thu Sep 3, 2009 4:27PM EDT

    Wow, big companies seem like they would do anything to keep the tiniest glitch a secret.

  • 7 Posted by martintavy on Thu Sep 3, 2009 7:09PM EDT

    Ain't everything gonna be right on the phone, especially a computer phone, duh.

  • 8 Posted by cedjam3311 on Thu Sep 3, 2009 3:20PM EDT

    I tried to access my phone while in password lock like you said and my phone doesn't allow it, so maybe not all phones are flawed!

  • 9 Posted by dietvz7 on Thu Sep 3, 2009 3:43PM EDT

    Hi Apple, why don't you sell your iPhones to anybody so you can have a lot of sales? Most iPhone users are not AT&T because of the charges. If you wanna sell big, have it open line like Nokia, Samsung, Motorola. This is a free country, I guess, so let anyone avail of your iPhone, then you'll see how your sales go so very high, OK.

  • 10 Posted by tazorich on Thu Sep 3, 2009 9:57PM EDT

    Re: "Wow drums4bch01, guess you would have preferred to be ignorant of the security flaw. Excuse the article for informing you." I find that Apple snobs prefer to remain ignorant, while pretending they're the smartest and luckiest people on earth. For the record, I enjoy my Mac Pro, 20" Intel iMac, and iPhone just fine, thank you. But I know better than to think Apple invented (or perfected) the computer or mobile phones. Yes - much preferred for the flaw to be made public, PROVIDED the workaround is also communicated at the same time, which in this case, it was.
