Locked iPhones Can Be Unlocked Without Password
snydeq writes "Private information stored in Apple's iPhone and protected by a lock code can be accessed by anyone with just a few button presses. Pressing the emergency call button at the unlock screen, followed by two taps on the home button, takes you to the iPhone's private 'favorites' page without the need to enter the unlock code, MacRumors user greenmymac has found. If the owner of the phone has favorite entries in their address book containing URLs, e-mail addresses or mobile phone numbers, then those entries can be used to launch the browser, mail application or SMS software, and gain access to private Web favorites, e-mail messages, and text messages stored in the phone, again without entering the unlock code."
Not quite... (Score:5, Informative)
Pressing the emergency call button at the unlock screen, followed by two taps on the home button, takes you to the iPhone's private 'favorites' page without the need to enter the unlock code
Not quite - it takes you to Favorites or iPod depending on your double-tap shortcut setting. If it's set to the home screen then you are just prompted for the passcode. See here [macrumors.com]
Just tested... (Score:5, Informative)
There's a way to prevent this - set the Home Button to go to Home when double clicked - this simply drops it back to the PIN request (Or, if it's in iPod mode, bring up the basic iPod controls)
The easier and more complete way (Score:4, Informative)
Re:The easier and more complete way (Score:5, Informative)
Actually all you need to do is call the iPhone, then when the call ends you are back at the home screen unrestricted.
No it does not. It still asks for the code after the call has ended.
Re:The easier and more complete way (Score:3, Informative)
My iPhone blanks, and when I wake it, it prompts for the code. This is on 2.0.1
Re:The easier and more complete way (Score:4, Informative)
Sure, you could factory reset it, but, alas, that requires access to the keyboard, which is locked.
You can call the phone and accept calls while locked, but that's it. After the call it goes back into locked mode.
I'm not claiming it's 100% unhackable. Maybe you could flash the firmware (I wouldn't know). But in any case the security is not quite as inane as what Apple has implemented.
Re:The easier and more complete way (Score:2, Informative)
Re:Not quite... (Score:5, Informative)
I do see the behavior described: Emergency call, then double press takes me to my phone "Favorites". From the favorites, I can look up the details of those address book entries and bring up Safari or Mail.
From Safari opened this way, I can get to my bookmarks. And I suspect that from Mail (haven't tested it yet), I could get to all of my contacts. All of this while completely bypassing the PIN.
Re:Local security does not exist (Score:3, Informative)
Only in the absence of encryption (which happens to be absent on an iPhone).
My BlackBerry on the other hand, I can hand to someone with confidence that my data is safe for the foreseeable future (as with any encryption, it's only secure for as long as it would reasonably take to brute force the password)
This is a known patched bug (Score:2, Informative)
Hi all, I just happened to be browsing Apple Dev Center trying to figure out some details on the Bonjour service. I'm not sure I like it running on my network so I wanted to know more... Found the Apple security site which lists their known flaws and security bugs. Scrolling through happened to see this one, remembered this post and here ya all go:
http://support.apple.com/kb/HT1312?viewlocale=en_US [apple.com]
or if you prefer:
Passcode Lock
CVE-ID: CVE-2008-0034
Available for: iPhone v1.0 through v1.1.2
Impact: An unauthorized user may bypass the Passcode Lock and launch iPhone applications
Description: The Passcode Lock feature is designed to prevent applications from being launched unless the correct passcode is entered. An implementation issue in the handling of emergency calls allows users with physical access to an iPhone to launch an application without the passcode. This update addresses the issue through an improved check on the state of the Passcode Lock.