Forgot your password?
typodupeerror
Security Cellphones Communications Data Storage Portables (Apple)

Locked iPhones Can Be Unlocked Without Password 102

Posted by timothy
from the now-lookie-hyeah dept.
snydeq writes "Private information stored in Apple's iPhone and protected by a lock code can be accessed by anyone with just a few button presses. Pressing the emergency call button at the unlock screen, followed by two taps on the home button, takes you to the iPhone's private 'favorites' page without the need to enter the unlock code, MacRumors user greenmymac has found. If the owner of the phone has favorite entries in their address book containing URLs, e-mail addresses or mobile phone numbers, then those entries can be used to launch the browser, mail application or SMS software, and gain access to private Web favorites, e-mail messages, and text messages stored in the phone, again without entering the unlock code."
This discussion has been archived. No new comments can be posted.

Locked iPhones Can Be Unlocked Without Password

Comments Filter:
  • Not quite... (Score:5, Informative)

    by daybot (911557) * on Wednesday August 27, 2008 @11:11AM (#24765805)

    Pressing the emergency call button at the unlock screen, followed by two taps on the home button, takes you to the iPhone's private 'favorites' page without the need to enter the unlock code

    Not quite - it takes you to Favorites or iPod depending on your double-tap shortcut setting. If it's set to the home screen then you are just prompted for the passcode. See here [macrumors.com]

  • Just tested... (Score:5, Informative)

    by Elindor (84810) on Wednesday August 27, 2008 @11:12AM (#24765841)

    There's a way to prevent this - set the Home Button to go to Home when double clicked - this simply drops it back to the PIN request (Or, if it's in iPod mode, bring up the basic iPod controls)

  • by Brilthor (754604) on Wednesday August 27, 2008 @11:20AM (#24765937)
    Actually all you need to do is call the iphone, then when the call ends you are back at the home screen unrestricted. On a slightly unrelated note most security articles seem to point out the obvious flaws instead of the clever ones (clearly the iphone lock function is only a slight deterrent)
  • by shitzu (931108) on Wednesday August 27, 2008 @11:32AM (#24766093)

    Actually all you need to do is call the iphone, then when the call ends you are back at the home screen unrestricted.

    No it does not. It still asks for the code after the call has ended.

  • by scorp1us (235526) on Wednesday August 27, 2008 @11:35AM (#24766147) Journal

    My iphone blanks and when it wake it it prompts for the code. This is on 2.0.1

  • by CaptainZapp (182233) * on Wednesday August 27, 2008 @11:41AM (#24766253) Homepage
    Actually the security lock works pretty reliable on just about any Nokia phone I ever owned.

    Sure, you could factory reset it, but, alas, that requires access to the keyboard, which is locked.

    You can call the phone and accept calls while locked, but that's it. After the call it goes back into locked mode.

    I'm not claiming it's 100% unhackable. Maybe you could flash the firmware (I wouldn't know). But in any case the security is not quite as innane as what Apple has implemented.

  • by Brilthor (754604) on Wednesday August 27, 2008 @11:56AM (#24766527)
    just tested again; I can't seem to re-create it, it was an observation I made a couple days ago, apparently missed something doesn't change the fact that you just need to plug it into a computer to get the data anyways
  • Re:Not quite... (Score:5, Informative)

    by Charles Dodgeson (248492) * <jeffrey@goldmark.org> on Wednesday August 27, 2008 @12:46PM (#24767327) Homepage Journal

    I do see the behavior described: Emergency call, then double press takes me to my phone "Favorites". From the favorites, I can look up the details of of those address book entries and bring up Safari or Mail.

    From Safari opened this way, I can get to my bookmarks. And I suspect that from Mail (haven't tested it yet), I could get to all of my contacts. All of this with completely by-passing the PIN.

  • by Ferzerp (83619) on Wednesday August 27, 2008 @06:20PM (#24771333)

    Only in the absence of encryption (which happens to be absent on an iPhone).

    My BlackBerry on the other hand, I can hand to someone with confidence that my data is safe for the foreseeable future (as with any encryption, it's only secure for as long as it would reasonably take to brute force the password)

  • by SenorPhatnutZ (1352529) on Wednesday August 27, 2008 @07:21PM (#24772239)

    Hi all, I just happened to be browsing apple dev center trying to figure out some details on the bonjour service. I'm not sure I like it running on my network so I wanted to know more... Found the apple security site which lists their known flaws and security bugs. Scrolling through happened to see this one, remembered this post and here ya all go:

    http://support.apple.com/kb/HT1312?viewlocale=en_US [apple.com]

    or if you prefer:

            *

                Passcode Lock

                CVE-ID: CVE-2008-0034

                Available for: iPhone v1.0 through v1.1.2

              Impact: An unauthorized user may bypass the
    Passcode Lock and launch iPhone applications

                Description: The Passcode Lock feature is
    designed to prevent applications from being
    launched unless the correct passcode is entered.

    An implementation issue in the handling of
    emergency calls allows users with physical access
    to an iPhone to launch an application without the
    passcode. This update addresses the issue through
    an improved check on the state of the Passcode
    Lock.

It seems that more and more mathematicians are using a new, high level language named "research student".

Working...