News

Security Flaw Allows Access to Screen Locked iPhone

Wednesday, August 27th, 2008 at 1:15 PM - by

iPhones with iPhone 2.x software and which are passcode locked with a four digit code can still be accessed with a special key sequence, according to Macworld UK on Wednesday.

Not only can someone make a 911 call on a passcode locked iPhone, but any number at all can be entered after hitting the emergency call button. In addition, tapping the home button twice takes one to the favorites page.

If a favorite has a URL associated with it, Safari can then be launched. E-mail can also be accessed.

"If the owner of the phone has favourite entries in their address book containing URLs, email addresses or mobile phone numbers, then those entries can be used to launch the browser, mail application or SMS (Short Message Service) software and gain access to private web favourites, email messages and text messages stored in the phone, again without entering the unlock code,"Macworld wrote.

This reporter was able to duplicate the actions described in the article on an iPhone 2G.

According to Macworld UK, the technique was a surprise to an Apple spokeswoman in London who said she would look into the issue.

As a temporary workaround, make sure in General Settings, the Home Button action is set to Home, not Phone Favorites.

6 comments from the community.

You can post your own below.

+ show options

Your current settings, click to change: Sort Oldest First, Show Guest Posts, Hide Community Stats

jbruni said:

member since 14 Jul 2006 with 105 posts, unranked, send him a message or view his profile

Wed Aug 27, 2008 1:42 pm

Just tested this on mine and it worked. So much for the passcode...

Quote this post ↓

A guest said: (hide)

Wed Aug 27, 2008 4:50 pm

It's only a security flaw if you have set it the Home button to your Favorites which is not the default setting. The default setting it seems is set to iPod. This allows easy access to the iPod side of your phone. And if you access the iPod side with this method you cannot get out of the iPod side to gain access to other parts of your phone. To do that you still have to enter in your passcode. So in order for this to be a security flaw you have to make the change deliberately to the default setting of your Home button. As someone who uses the iPod side of his phone on a regular basis I find this is a feature well worth the small potential breach of security.

Quote this post ↓

A guest said: (hide)

Wed Aug 27, 2008 7:25 pm

How can this be a "security" issue? Let me see - you leave your phone lying around - and you don't want someone to make calls from it when they steal it????

Quote this post ↓

A guest said: (hide)

Wed Aug 27, 2008 7:47 pm

no u get ur contacts stolen email sent , think of companies

and uknow this also works form 1.1.4 so

Quote this post ↓

Intruder said:

member since 07 Jul 2004 with 3149 posts, TMO Mac Specialist, send him a message or view his profile

Thu Aug 28, 2008 9:42 am

Anonymous wrote:
no u get ur contacts stolen email sent , think of companies

and uknow this also works form 1.1.4 so

Try again using the rest of your keyboard. This isn't teenage AOL chatting going on here. Full words and sentences, please. What you typed made no sense whatsoever.

Quote this post ↓

A guest said: (hide)

Thu Sep 04, 2008 2:29 am

Crap like this happens, oh well.

Until they make a habit of significant security flaws, it's just "be aware", and just be as careful with your phone as you already should be anyway.

Quote this post ↓

Post Your Comments

  Remember Me

Not a member? Register now. You can post comments without logging in, but they'll show up as a "guest" post.


Please enter the word exactly as you see it in the image above. Registered users aren't prompted for this. Having trouble reading the image get a new one.