Apple iOS 4.1 Passcode Flaw Exposes iPhone Data


Printer-friendly version Email this CRN article

A recently discovered security glitch in Apple's iOS 4.1 platform exposes sensitive information such as call history and text messages to just about anyone.

The iOS glitch, which was discovered and brought to light recently by iPhone users, allows users to circumvent the passcode entry screen by selecting "Emergency Call," giving them the ability to enter any number. Users must then hit "Send" and the iPhone's sleep button in rapid, almost simultaneous, succession to gain full access to the device.

Once completed, any individual performing the trick will be able to access key functions on the iPhone app, which include phone contacts, call history and voicemail. Individuals who get a hold of a user's iPhone could use it to make phone calls, send text messages and peruse the user's stored photos. Users who hit "share contact" or "email" will also be able to send an e-mail, text or picture messages.

The iPhone passcode lock feature is designed to prohibit access to a user's iPhone by unauthorized individuals by requiring that they enter a predetermined code. With the loophole revealed on forums and blogs, the function is rendered moot on the later versions of the iPhone.

However, according to The Unofficial Apple Weblog, the loophole doesn't appear to exist in the beta version of the iOS 4.2, possibly indicating that Apple became aware of and ultimately addressed the flaw. Apple iOS 4.2 beta for iPhones, iPods and iPads debuted in September and is scheduled for full release in November. Meanwhile, one mitigating factor is the fact that a potential hacker would also need physical access to the user's device. For example, a miscreant could take advantage of the loophole if the iPhone was lost or left alone in a public place.

 

Printer-friendly version Email this CRN article