Locked iPhones Can Be Unlocked Without Password

snydeq writes "Private information stored in Apple's iPhone and protected by a lock code can be accessed by anyone with just a few button presses. Pressing the emergency call button at the unlock screen, followed by two taps on the home button, takes you to the iPhone's private 'favorites' page without the need to enter the unlock code, MacRumors user greenmymac has found. If the owner of the phone has favorite entries in their address book containing URLs, e-mail addresses or mobile phone numbers, then those entries can be used to launch the browser, mail application or SMS software, and gain access to private Web favorites, e-mail messages, and text messages stored in the phone, again without entering the unlock code."

Re:Not quite...

[tgd]

And on top of that, mine IS set to Favorites and double clicking while locked goes to the iPod controls anyway. When unlocked it goes to Favorites.

Re:The easier and more complete way

[Bonkers54]

I haven't owned a nokia phone for quite a while, but this method definitely worked on both monochrome nokia phones I owned. These are the variety with snake built-in.

When you're at the lock screen, just type in *3001#12345# and now you're at the service menu. All you have to do is scroll down to the menu item for the lock code, select it, and your super secure lock code is now staring back at you in plaintext. Power cycle the phone, type in the code, and you've now got an unlocked phone.

Re:This just in

[StrategicIrony]

haha. Yeah, but usually not with your pinky finger... in 1.2 seconds.

woot!

Good local security is not impenetrable, but should require discernible effort. For example, if I have full-disk encryption, it takes an absurd level of effort to read the contents of my drive.

If I have an iPhone, it requires my pinky finger and 1.2 seconds.

AppleSauce!

Re:The easier and more complete way

[rsborg]

Actually all you need to do is call the iphone, then when the call ends you are back at the home screen unrestricted. On a slightly unrelated note most security articles seem to point out the obvious flaws instead of the clever ones (clearly the iphone lock function is only a slight deterrent)

That's interesting. typical behavior when you realize you've lost your phone: Call it, and see if you can hear the ring. Now when that happens, the person who stole it can answer and say "thanks for unlocking your phone!"

I just tried this, and although hanging up will eject you... if *while in-call*, the phone user navigates to any non-phone app (ie, safari) then hangs up the call, the phone won't re-lock.

This is unfortunate, but I can't think of an easy way to make the phone usable and secure for this use-case... which brings up the interesting point... Is the password really secure? Is it reasonable to expect PC-level security for what is, primarily, a phone?

If someone stole my old Nokia or Sony-Erricson, which didn't really have passwords, they would also have all my contact information, and calendar details. If it's a company phone and you're reasonably sure you lost the phone, shouldn't the first move be to remotely de-activate the phone, then try to find it afterwards?