Locked iPhones Can Be Unlocked Without Password

snydeq writes "Private information stored in Apple's iPhone and protected by a lock code can be accessed by anyone with just a few button presses. Pressing the emergency call button at the unlock screen, followed by two taps on the home button, takes you to the iPhone's private 'favorites' page without the need to enter the unlock code, MacRumors user greenmymac has found. If the owner of the phone has favorite entries in their address book containing URLs, e-mail addresses or mobile phone numbers, then those entries can be used to launch the browser, mail application or SMS software, and gain access to private Web favorites, e-mail messages, and text messages stored in the phone, again without entering the unlock code."

CALL OUT THE DOGS

[The End Of Days (1243248)]

Quick, to the Apple-bashing-mobile

Re:CALL OUT THE DOGS

[by Anonymous Coward]

It's just down from the Microsoft-bashing mobile and next to the Comcast-bashing mobile. They all look similar, so make sure you have the right keys, oh and replace the memes if you use them all. Gotta keep a fresh supply.

Re:

[BitterOldGUy (1330491)]

Quick, to the Apple-bashing-mobile

It's called the Applesauce-mobile, thank you.

Re:

[Captain Splendid (673276)]

Quick, to the Apple-bashing-mobile

Holy annoyed fanbois, Batman!

Re:CALL OUT THE DOGS

[BasharTeg (71923)]

There's no need to fear! Apple Apologist Squad to the rescue!

Quick, spin that security vulnerability into a feature! Now, follow up by making excuses for ridiculously overpriced hardware! Finish them off by implying that 6.5% PC market share growing to 7.2% PC market share is the new "Apple Revolution"!

We've done it! Truths about the downsides to Apple products have been dismissed and discredited, and the comfort provided by our elitism can continue for years to come. Well done Apple Apologist Squad!

Re:CALL OUT THE DOGS

[ByOhTek (1181381)]

And the apologist proudly demonstrating he's no different.

Not quite...

[daybot (911557)]

Pressing the emergency call button at the unlock screen, followed by two taps on the home button, takes you to the iPhone's private 'favorites' page without the need to enter the unlock code

Not quite - it takes you to Favorites or iPod depending on your double-tap shortcut setting. If it's set to the home screen then you are just prompted for the passcode. See here [macrumors.com]

Re:

[tgd (2822)]

And on top of that, mine IS set to Favorites and double clicking while locked goes to the iPod controls anyway. When unlocked it goes to Favorites.

Re:Not quite...

[Charles Dodgeson (248492)]

I do see the behavior described: Emergency call, then double press takes me to my phone "Favorites". From the favorites, I can look up the details of of those address book entries and bring up Safari or Mail.

From Safari opened this way, I can get to my bookmarks. And I suspect that from Mail (haven't tested it yet), I could get to all of my contacts. All of this with completely by-passing the PIN.

Just tested...

[Elindor (84810)]

There's a way to prevent this - set the Home Button to go to Home when double clicked - this simply drops it back to the PIN request (Or, if it's in iPod mode, bring up the basic iPod controls)

The easier and more complete way

[Brilthor (754604)]

Actually all you need to do is call the iphone, then when the call ends you are back at the home screen unrestricted. On a slightly unrelated note most security articles seem to point out the obvious flaws instead of the clever ones (clearly the iphone lock function is only a slight deterrent)

Re:

[MozeeToby (1163751)]

clearly the iphone lock function is only a slight deterrent

Exactly, I think everyone at Slashdot knows that if someone has physical access to your hardware, you've already lost the security game.

Re:The easier and more complete way

[CaptainZapp (182233)]

Actually the security lock works pretty reliable on just about any Nokia phone I ever owned.

Sure, you could factory reset it, but, alas, that requires access to the keyboard, which is locked.

You can call the phone and accept calls while locked, but that's it. After the call it goes back into locked mode.

I'm not claiming it's 100% unhackable. Maybe you could flash the firmware (I wouldn't know). But in any case the security is not quite as innane as what Apple has implemented.

Re:

[toleraen (831634)]

Hmm, on my phone too many wrong pins and you're locked out. All you can do is answer calls. Plus the SD card is encrypted, so if they factory reset the key is lost with it. I may lose my phone, but at least they don't get my data.

Re:The easier and more complete way

[tha_mink (518151)]

Exactly, I think everyone at Slashdot knows that if someone has physical access to your hardware, you've already lost the security game.

I don't know if that applies to the Blackberry family. 10 tries and the phone wipes itself out to factory settings only to be recovered by the enterprise BES server. Haven't read a whole lot about holes in that strategy.

Re:

[tha_mink (518151)]

The hard drive or flash memory can be removed and read by a computer with a compatible interface.

Um. No, it can't. Not in the blackberry anyways, at least not without decrypting it first and good luck with that.

Re:The easier and more complete way

[ballwall (629887)]

Not really, blackberry seems pretty good at it.

Lame...

[E IS mC(Square) (721736)]

What a lame excuse! Just because iphone shits itself when it comes to security does not mean ALL OTHERS do the same. Go do some fucking research and come back later.

Re:The easier and more complete way

[Teese (89081)]

Actually all you need to do is call the iphone, then when the call ends you are back at the home screen unrestricted. On a slightly unrelated note most security articles seem to point out the obvious flaws instead of the clever ones (clearly the iphone lock function is only a slight deterrent)

That's interesting.

typical behavior when you realize you've lost your phone: Call it, and see if you can hear the ring.

Now when that happens, the person who stole it can answer and say "thanks for unlocking your phone!"

Re:

[cduffy (652)]

Now when that happens, the person who stole it can answer and say "thanks for unlocking your phone!"

...if the parent's claim were actually true. It's not.

Re:The easier and more complete way

[Teese (89081)]

Now when that happens, the person who stole it can answer and say "thanks for unlocking your phone!"

...if the parent's claim were actually true. It's not.

Well, that's good to hear.

(as an aside: I shall no longer consider Brilthor a reliable source. Do you hear that Brilthor? Your credibility has been attacked by cduffy! cduffy has a 3 digit slashdot ID, yours is 6. I implicitly trust cduffy over Brilthor - unless new evidence is presented. Or a lower ID backs Brilthor. Then I'm going to be confused.)

Re:

[religious freak (1005821)]

The only solution... what does CmdrTaco think?

Re:

[Blkdeath (530393)]

Now when that happens, the person who stole it can answer and say "thanks for unlocking your phone!"

...if the parent's claim were actually true. It's not.

Well, that's good to hear.

(as an aside: I shall no longer consider Brilthor a reliable source. Do you hear that Brilthor? Your credibility has been attacked by cduffy!

Except that cduffy is absolutely correct; Brilthor is incorrect.

n.b. I own a Blackberry, I just walked over to my co-worker's desk and tested both security work-arounds. The Emergency Call / Double Tap feature worked as advertised; it brought me to his favourites. Calling the iPhone and ending the call brought me back to the "Slide to unlock" screen.

So until an addendum to Brilthor's claim is presented that actually works, I'll continue knowing that they're wrong - UID notwithstanding.

Re:

[rsborg (111459)]

Actually all you need to do is call the iphone, then when the call ends you are back at the home screen unrestricted. On a slightly unrelated note most security articles seem to point out the obvious flaws instead of the clever ones (clearly the iphone lock function is only a slight deterrent)

That's interesting. typical behavior when you realize you've lost your phone: Call it, and see if you can hear the ring. Now when that happens, the person who stole it can answer and say "thanks for unlocking your

Re:The easier and more complete way

[shitzu (931108)]

Actually all you need to do is call the iphone, then when the call ends you are back at the home screen unrestricted.

No it does not. It still asks for the code after the call has ended.

Re:

[Brilthor (754604)]

just tested again; I can't seem to re-create it, it was an observation I made a couple days ago, apparently missed something doesn't change the fact that you just need to plug it into a computer to get the data anyways

Re:

[tlhIngan (30335)]

just tested again; I can't seem to re-create it, it was an observation I made a couple days ago, apparently missed something doesn't change the fact that you just need to plug it into a computer to get the data anyways

It depends. If the phone is unlocked and you receive a call, the iPhone will remain unlocked. If the phone is idle, and it rings, it'll wake up, you answer call, then when call is finished, it'll turn off again. NOw, during the call, it may be unlocked (haven't tried) since you can do other th

Re:

[PC and Sony Fanboy (1248258)]

Couldn't you just change the iTunes settings to think different (and recognize the new iPhone as an old one?)

Re:

[scorp1us (235526)]

My iphone blanks and when it wake it it prompts for the code. This is on 2.0.1

This is a classic sandbox bug.

[argent (18001)]

I've run into all kinds of "kiosk" applications on every platform where this kind of bug exists, from bulletin board systems using applications with shell escapes in the '70s and '80s through "telnet:" URLs in restricted freenix front ends to embedded browsers on dektop operating systems. You can also use similar tricks to get past Apple's kiosk attract mode on Macs in computer stores, an I've run into them in a number of PC vendor demo modes over the years.

When you build a sandbox you have to build it from the inside out. Never introduce anything to the sandbox unless you are absolutely certain that it doesn't have a backdoor. Not "unless you are certain you can close the backdoors"... sandbox programs have to be built around a model that "fails closed"... any action that increases privileges must require an explicit action from outside the program (such as installing a plugin). The amount of effort to build a sandbox out of components that default to an open mode and need to be "locked down" is so much greater that it's easier to reinvent the wheel than patch up the wrong kind of wheel to fit.

One question: Why only 4 digit pin?

[CPE1704TKS (995414)]

This is the 21st century. I can understand defaulting to 4 digit pin, but why can't I choose a longer pin? My gf's Blackberry allows you to enter a much longer string. I have over a 6 digit pin for my ATM card. Why exactly does Apple force people to only have a 4 digit pin for the phone?

Re:

[PC and Sony Fanboy (1248258)]

yes, 10^4 (numeric) or 36^4 (alpha-numeric) is smaller than 10^6 and 36^6. At least, last time I checked.

Re:

[Rayeth (1335201)]

The point is that a human doing either is wasting their time. There are easier and more profitable things to do when you have the hardware in your hands (like sell it to someone else) than try to break into the home screen.

Don't freak out...

[MrPerfekt (414248)]

Just set your double tap home to disable or ipod. Not much you can do then. But yes, double tap should probably be disabled when locked.

Re:Back door anyone?

[gEvil (beta) (945888)]

This is nothing more than a nice backdoor left in there by apple so that they have constant access to your phone.

Yes, because when Apple wants to access my iPhone, they're going to come to my house, pick up the phone, and start pushing buttons....

Re:Back door anyone?

[Farmer Tim (530755)]

Doesn't sound impossible to me, considering how many /.er's buttons Apple manages to push remotely.

Re:

[Ron_Fitzgerald (1101005)]

Can I assume whoever modded this a 'troll' owns an Apple product of some sort and took personal insult rather than modding unbiased?

Re:not really surprising

[alvinrod (889928)]

If I had mod points I probably would have modded it 'Troll' as well. Not because I somehow love Apple products or own an iPhone and feel that need to justify my purchase but because the language in the post makes it seem as though the iPhone is only a kid's toy. Swap iPhone and Blackberry around and it's still a Troll, but he's just trolling a different audience. He could have made the exact same point by changing his wording and suggesting that this is a reason why he would not recommend using the iPhone in a business setting. Same message, but the language isn't anywhere near as inflammatory.

Can I assume whoever modded the comment 'insightful' has something against Apple and decided to take a shot at them rather than modding unbiased?

Re:

[PC and Sony Fanboy (1248258)]

Swap iPhone and Blackberry around and it's still a Troll, but he's just trolling a different audience.

... except, the way he said it, it is true.

When you turn it around, the way you say it, it is trolling.

Re:not really surprising

[alvinrod (889928)]

My goodness the trolls are out in force today. Hopefully the meta-moderation fixes trolls with mod points, but nothing is perfect.

The original claim essentially says that the iPhone is only for rich kids who have too much money on their hands and isn't good for business use at all. If you have an opinion, that's perfectly fine, but expressing it in such an inflamatory manner generally isn't; or at least it's frowned upon in polite, formal discussion.

At least it's not surprising coming from your user name.

Re:

[PC and Sony Fanboy (1248258)]

Well, my user name *is* a troll.. but only if you're an enemy fanboy.

If that is the case, I don't even have to post any text. I just post 'nt', and if they have a proper fanboy name, they can respond 'nt'.

It saves a lot of time when arguing.

Re:not really surprising

[Coraon (1080675)]

My guess too. Mac zealots are a strange tribe, if you tell them apple cant do something they get really bent out of shape. And just because I feel like burning more Karma listen up Mac fan boys: Steve Jobs cannot walk on water, he's just a mortal man.

Re:

[by Anonymous Coward]

No, he's just putting out a fire by using the time-honored "Gasoline Method".

Re:not really surprising

[PC and Sony Fanboy (1248258)]

As you say, gasoline only burns when there is oxygen to help with the combustion. This is true for most of the real world. But if you were inside the reality distortion field, you might find that gasoline does NOT burn. I'm not sure. You'll have to ask an apple fanboy.

Re:This just in

[RiotingPacifist (1228016)]

funny because thats not the case in normal phones. 3 pins wrong and your out, sure you might be able to get round it if you were a gang of phone thieves but with the iphone anybody can get round it and they dont even need your phone for that long

Re:

[mr_mischief (456295)]

Given sufficient knowledge and time, physical access does indeed mean a complete lack of security. Any phone can be rebooted, JTAG accessed, or have the complete firmware and user memory copied off the hardware.

What's startling here is how quickly and easily the access is, and that it's only access to the actual user interface that's required.

Re:

[miratrix (601203)]

Obviously you've never had a BlackBerry, where 10 wrong login attempts will cause the device to wipe itself out. And all memory contents are - afiak - encrypted even if you manage to take the damned thing apart and connect directly to the flash chips.

Reading out "secure" blackberry data...

[tlambert (566799)]

Reading out "secure" blackberry data...

What's the model number? From that I can tell you whether or not I have a JTAG, or would have to borrow one from a friend. With a JTAG I can keep it from wiping itself and do anything with your data I want.

If it's an 8000 series (not including the 8707), then it's a ARMv5TE PXA900, which is pretty easy to hack.

Just because your average idiot can't hack something doesn't mean that it's magically unhackable. The value in the device is in the data it contains, not in the cost of the hardware.

-- Terry

Re:

[StrategicIrony (1183007)]

haha. Yeah, but usually not with your pinky finger... in 1.2 seconds.

woot!

Good local security is not impenetrable, but should require discernible effort. For example, if I have full-disk encryption, it takes an absurd level of effort to read the contents of my drive.

If I have an iPhone, it requires my pinky finger and 1.2 seconds.

AppleSauce!

Re:

[Ferzerp (83619)]

Only in the absence of encryption (which happens to be absent on an iPhone).

My BlackBerry on the other hand, I can hand to someone with confidence that my data is safe for the foreseeable future (as with any encryption, it's only secure for as long as it would reasonably take to brute force the password)