iOS Security Hole Allows Easy Bypassing of Lock Screen

A flaw in iOS 4.1 means it is possible to access the iPhone’s contact list and phone keypad even if the device is locked.

The seemingly random set of combination of steps was first reported on the MacRumors forum. It was tested on both jailbroken and non-jailbroken iPhones, and appears to fail on 4.0.1 as well as 4.1. The flaw has been reported, but it remains to be seen if Apple will close it before 4.2 launches in November.

To bypass the lock, when an iPhone is locked with a passcode, you tap the “Emergency call” button, then enter three pound signs (or, it seems, any non Emergency Call string), hit the call button and then immediately press the lock button.

Once done, you have full access to the Phone app on the iPhone, which means you have access to the address book, voicemail, call history, and can make calls. Additionally, it was reported that Voice Control could be accessed as well.

 For those playing around with it, some have said they couldn't get their phone to go to sleep again once the procedure was done. To get around that, aside from powering down, you can also (while in contacts) tap on a contact, make a call and hit "End," after which the iPhone will return to the lockscreen asking for a passcode.

You can watch a Brazilian iPhone owner demonstrate the issue below. Apple has not publicly acknowledged the bug yet.

Tags:  Apple, iPhone, security, ios
Comments
Dave_HH 4 years ago

Ummm... oopsie! Just don't dial 911 by accident.

3vi1 4 years ago

Finally... Apple can claim to be the "Open" solution!

digitaldd 4 years ago

iPhone security = fail

Inspector 4 years ago

I have always knew about the voicecontrol thing, but not the pound thing...

digitaldd 4 years ago

[quote user="Inspector"]

I have always knew about the voicecontrol thing, but not the pound thing...

[/quote]

The voice dialing flaw had been published back in mid 2009 I think so its pretty old.

Post a Comment
or Register to comment