Forgot your password?
typodupeerror
Security Cellphones Communications Data Storage Portables (Apple)

Locked iPhones Can Be Unlocked Without Password 102

Posted by timothy
from the now-lookie-hyeah dept.
snydeq writes "Private information stored in Apple's iPhone and protected by a lock code can be accessed by anyone with just a few button presses. Pressing the emergency call button at the unlock screen, followed by two taps on the home button, takes you to the iPhone's private 'favorites' page without the need to enter the unlock code, MacRumors user greenmymac has found. If the owner of the phone has favorite entries in their address book containing URLs, e-mail addresses or mobile phone numbers, then those entries can be used to launch the browser, mail application or SMS software, and gain access to private Web favorites, e-mail messages, and text messages stored in the phone, again without entering the unlock code."
This discussion has been archived. No new comments can be posted.

Locked iPhones Can Be Unlocked Without Password

Comments Filter:
  • by The End Of Days (1243248) on Wednesday August 27, 2008 @10:08AM (#24765737)

    Quick, to the Apple-bashing-mobile

    • by Anonymous Coward on Wednesday August 27, 2008 @10:11AM (#24765797)
      It's just down from the Microsoft-bashing mobile and next to the Comcast-bashing mobile. They all look similar, so make sure you have the right keys, oh and replace the memes if you use them all. Gotta keep a fresh supply.
      • Re: (Score:1, Funny)

        by Anonymous Coward

        They all look similar, so make sure you have the right keys

        Also, make sure to change the keys [slashdot.org] if there's the slightest chance they've been compromised!

    • Re: (Score:3, Funny)

      by BitterOldGUy (1330491)

      Quick, to the Apple-bashing-mobile

      It's called the Applesauce-mobile, thank you.

    • Re: (Score:3, Funny)

      Quick, to the Apple-bashing-mobile

      Holy annoyed fanbois, Batman!
    • by BasharTeg (71923) on Wednesday August 27, 2008 @10:55AM (#24766509) Homepage

      There's no need to fear! Apple Apologist Squad to the rescue!

      Quick, spin that security vulnerability into a feature! Now, follow up by making excuses for ridiculously overpriced hardware! Finish them off by implying that 6.5% PC market share growing to 7.2% PC market share is the new "Apple Revolution"!

      We've done it! Truths about the downsides to Apple products have been dismissed and discredited, and the comfort provided by our elitism can continue for years to come. Well done Apple Apologist Squad!

  • Not quite... (Score:5, Informative)

    by daybot (911557) * on Wednesday August 27, 2008 @10:11AM (#24765805)

    Pressing the emergency call button at the unlock screen, followed by two taps on the home button, takes you to the iPhone's private 'favorites' page without the need to enter the unlock code

    Not quite - it takes you to Favorites or iPod depending on your double-tap shortcut setting. If it's set to the home screen then you are just prompted for the passcode. See here [macrumors.com]

    • Re: (Score:3, Interesting)

      by tgd (2822)

      And on top of that, mine IS set to Favorites and double clicking while locked goes to the iPod controls anyway. When unlocked it goes to Favorites.

  • Just tested... (Score:5, Informative)

    by Elindor (84810) on Wednesday August 27, 2008 @10:12AM (#24765841)

    There's a way to prevent this - set the Home Button to go to Home when double clicked - this simply drops it back to the PIN request (Or, if it's in iPod mode, bring up the basic iPod controls)

  • I can see why an emergency call button is necessary, but why did they change the functionality of it? To my knowledge it was working fine (permitting 911/etc only) in previous generations.
  • by Brilthor (754604) on Wednesday August 27, 2008 @10:20AM (#24765937)
    Actually all you need to do is call the iphone, then when the call ends you are back at the home screen unrestricted. On a slightly unrelated note most security articles seem to point out the obvious flaws instead of the clever ones (clearly the iphone lock function is only a slight deterrent)
    • Re: (Score:3, Insightful)

      by MozeeToby (1163751)

      clearly the iphone lock function is only a slight deterrent

      Exactly, I think everyone at Slashdot knows that if someone has physical access to your hardware, you've already lost the security game.

      • by CaptainZapp (182233) * on Wednesday August 27, 2008 @10:41AM (#24766253) Homepage
        Actually the security lock works pretty reliable on just about any Nokia phone I ever owned.

        Sure, you could factory reset it, but, alas, that requires access to the keyboard, which is locked.

        You can call the phone and accept calls while locked, but that's it. After the call it goes back into locked mode.

        I'm not claiming it's 100% unhackable. Maybe you could flash the firmware (I wouldn't know). But in any case the security is not quite as innane as what Apple has implemented.

        • Re: (Score:2, Interesting)

          by Bonkers54 (416354)

          I haven't owned a nokia phone for quite a while, but this method definitely worked on both monochrome nokia phones I owned. These are the variety with snake built-in.

          When you're at the lock screen, just type in *3001#12345# and now you're at the service menu. All you have to do is scroll down to the menu item for the lock code, select it, and your super secure lock code is now staring back at you in plaintext. Power cycle the phone, type in the code, and you've now got an unlocked phone.

        • by Lifyre (960576)

          I have the same performance on my MotoQ9h. This is a ball dropped by Apple, not huge, but since this is /. it makes front page because Apple articles almost always result in a flamewar...

          -Lifyre

      • by toleraen (831634) *
        Hmm, on my phone too many wrong pins and you're locked out. All you can do is answer calls. Plus the SD card is encrypted, so if they factory reset the key is lost with it. I may lose my phone, but at least they don't get my data.
      • by tha_mink (518151) on Wednesday August 27, 2008 @11:26AM (#24767001)

        Exactly, I think everyone at Slashdot knows that if someone has physical access to your hardware, you've already lost the security game.

        I don't know if that applies to the Blackberry family. 10 tries and the phone wipes itself out to factory settings only to be recovered by the enterprise BES server. Haven't read a whole lot about holes in that strategy.

      • by ballwall (629887) * on Wednesday August 27, 2008 @11:27AM (#24767033)

        Not really, blackberry seems pretty good at it.

      • Lame... (Score:4, Insightful)

        by E IS mC(Square) (721736) on Wednesday August 27, 2008 @12:12PM (#24767669) Journal
        What a lame excuse! Just because iphone shits itself when it comes to security does not mean ALL OTHERS do the same. Go do some fucking research and come back later.
      • by Alsee (515537)

        Except for the Trusted Computing fans.
        They still have the delusion of "fixing" that.

        -

    • by Teese (89081) <beezel@gmail.UUUcom minus threevowels> on Wednesday August 27, 2008 @10:26AM (#24766013)

      Actually all you need to do is call the iphone, then when the call ends you are back at the home screen unrestricted. On a slightly unrelated note most security articles seem to point out the obvious flaws instead of the clever ones (clearly the iphone lock function is only a slight deterrent)

      That's interesting.

      typical behavior when you realize you've lost your phone: Call it, and see if you can hear the ring.

      Now when that happens, the person who stole it can answer and say "thanks for unlocking your phone!"

      • by cduffy (652)

        Now when that happens, the person who stole it can answer and say "thanks for unlocking your phone!"

        ...if the parent's claim were actually true. It's not.

        • by Teese (89081) <beezel@gmail.UUUcom minus threevowels> on Wednesday August 27, 2008 @12:51PM (#24768239)

          Now when that happens, the person who stole it can answer and say "thanks for unlocking your phone!"

          ...if the parent's claim were actually true. It's not.

          Well, that's good to hear.

          (as an aside: I shall no longer consider Brilthor a reliable source. Do you hear that Brilthor? Your credibility has been attacked by cduffy! cduffy has a 3 digit slashdot ID, yours is 6. I implicitly trust cduffy over Brilthor - unless new evidence is presented. Or a lower ID backs Brilthor. Then I'm going to be confused.)

          • The only solution... what does CmdrTaco think?
          • by Blkdeath (530393)

            Now when that happens, the person who stole it can answer and say "thanks for unlocking your phone!"

            ...if the parent's claim were actually true. It's not.

            Well, that's good to hear.

            (as an aside: I shall no longer consider Brilthor a reliable source. Do you hear that Brilthor? Your credibility has been attacked by cduffy!

            Except that cduffy is absolutely correct; Brilthor is incorrect.

            n.b. I own a Blackberry, I just walked over to my co-worker's desk and tested both security work-arounds. The Emergency Call / Double Tap feature worked as advertised; it brought me to his favourites. Calling the iPhone and ending the call brought me back to the "Slide to unlock" screen.

            So until an addendum to Brilthor's claim is presented that actually works, I'll continue knowing that they're wrong - UID notwithstanding.

      • Re: (Score:3, Interesting)

        by rsborg (111459)

        Actually all you need to do is call the iphone, then when the call ends you are back at the home screen unrestricted. On a slightly unrelated note most security articles seem to point out the obvious flaws instead of the clever ones (clearly the iphone lock function is only a slight deterrent)

        That's interesting. typical behavior when you realize you've lost your phone: Call it, and see if you can hear the ring. Now when that happens, the person who stole it can answer and say "thanks for unlocking your

        • by Culture20 (968837)

          I just tried this, and although hanging up will eject you... if *while in-call*, the phone user navigates to any non-phone app (ie, safari) then hangs up the call, the phone won't re-lock.

          I just tried this too; every attempt to navigate to another app while using the phone was met with the password screen. Perhaps it's a firmware difference?

          • by rsborg (111459)

            I just tried this too; every attempt to navigate to another app while using the phone was met with the password screen. Perhaps it's a firmware difference?

            You're correct, my experience was user error (passcode had been turned off recently), so it looks (more) secure.

    • by shitzu (931108) on Wednesday August 27, 2008 @10:32AM (#24766093)

      Actually all you need to do is call the iphone, then when the call ends you are back at the home screen unrestricted.

      No it does not. It still asks for the code after the call has ended.

      • Re: (Score:2, Informative)

        by Brilthor (754604)
        just tested again; I can't seem to re-create it, it was an observation I made a couple days ago, apparently missed something doesn't change the fact that you just need to plug it into a computer to get the data anyways
        • by tlhIngan (30335)

          just tested again; I can't seem to re-create it, it was an observation I made a couple days ago, apparently missed something doesn't change the fact that you just need to plug it into a computer to get the data anyways

          It depends. If the phone is unlocked and you receive a call, the iPhone will remain unlocked. If the phone is idle, and it rings, it'll wake up, you answer call, then when call is finished, it'll turn off again. NOw, during the call, it may be unlocked (haven't tried) since you can do other th

          • Couldn't you just change the iTunes settings to think different (and recognize the new iPhone as an old one?)
          • by wootcat (1151911)

            NOw, during the call, it may be unlocked (haven't tried) since you can do other things while on a call (and it puts up that "tap to return to call" banner), so that may be an entry point.

            Just tried this. No, it's not. If you answer a locked phone, pressing the Home button brings you to the passcode entry screen. You also get the passcode entry screen if you try to view Contacts from the in-call screen.

        • by l0cust (992700)
          quoting from this post [slashdot.org]

          I just tried this, and although hanging up will eject you... if *while in-call*, the phone user navigates to any non-phone app (ie, safari) then hangs up the call, the phone won't re-lock.

          I don't own an iPhone so can't test this claim but probably someone who owns one can test it out.

    • On a slightly unrelated note most security articles seem to point out the obvious flaws instead of the clever ones (clearly the iphone lock function is only a slight deterrent)

      Well, yeah. It helps to understand it before posting "ZOMG IPHONE SUX HAHAHA", otherwise, you just get lost in all the "details" and wander off.

    • Re: (Score:3, Informative)

      by scorp1us (235526)

      My iphone blanks and when it wake it it prompts for the code. This is on 2.0.1

    • If the phone was locked when it was called, it will show a 'slide to unlok' message, and after the call is over, the phone will automatically lock itself again.

      If the phone is unlocked (or presumably at the unlock screen) when it was called, it will show an 'answer call' button (no slider) and after the call ends, it will go back to whatever screen it was on at the time of the call, which in this case would be the unlock screen.

      Fail.
  • by argent (18001) <peter@NOsPam.slashdot.2006.taronga.com> on Wednesday August 27, 2008 @11:11AM (#24766761) Homepage Journal

    I've run into all kinds of "kiosk" applications on every platform where this kind of bug exists, from bulletin board systems using applications with shell escapes in the '70s and '80s through "telnet:" URLs in restricted freenix front ends to embedded browsers on dektop operating systems. You can also use similar tricks to get past Apple's kiosk attract mode on Macs in computer stores, an I've run into them in a number of PC vendor demo modes over the years.

    When you build a sandbox you have to build it from the inside out. Never introduce anything to the sandbox unless you are absolutely certain that it doesn't have a backdoor. Not "unless you are certain you can close the backdoors"... sandbox programs have to be built around a model that "fails closed"... any action that increases privileges must require an explicit action from outside the program (such as installing a plugin). The amount of effort to build a sandbox out of components that default to an open mode and need to be "locked down" is so much greater that it's easier to reinvent the wheel than patch up the wrong kind of wheel to fit.

  • by CPE1704TKS (995414) on Wednesday August 27, 2008 @11:25AM (#24766991)

    This is the 21st century. I can understand defaulting to 4 digit pin, but why can't I choose a longer pin? My gf's Blackberry allows you to enter a much longer string. I have over a 6 digit pin for my ATM card. Why exactly does Apple force people to only have a 4 digit pin for the phone?

    • by drrck (959788)
      Are you suggesting that someone can more easily brute force a 4 digit PIN as opposed to a 6 digit one?
      • yes, 10^4 (numeric) or 36^4 (alpha-numeric) is smaller than 10^6 and 36^6. At least, last time I checked.
        • by drrck (959788)
          Mathematically yes I realize, but in the context of the time required to do either on a touchscreen phone is it even significant?
        • Re: (Score:2, Insightful)

          by Rayeth (1335201)
          The point is that a human doing either is wasting their time. There are easier and more profitable things to do when you have the hardware in your hands (like sell it to someone else) than try to break into the home screen.
        • Even if it were smaller, the point was either:

          A. A human user could not do either in an acceptable amount of time

          OR

          B. If they had some kind of remote access, a brute force check would be a trivial amount of time for 4 char or 6 char strings.

          Either way, they're both only a slight deterrent.
    • by Autonin (322765)

      My iPhone lock uses a passphrase - all 26 letters, upper and lower (52), all numbers (10), all characters (35), and the space - and not a PIN. It's also considerably longer that 4 characters. For fun, I put in 25 characters and it was ready to accept more.

      98 ^ 25 = 6.03 x 10^49 combinations - you'd be there awhile.

      What version are you running? You might want to consider updating.

  • Local security does not exist. If someone has access to your hardware, consider it compromised.

    Impractical? Hell yes. But that doesn't reality.

    • Re: (Score:3, Informative)

      by Ferzerp (83619)

      Only in the absence of encryption (which happens to be absent on an iPhone).

      My BlackBerry on the other hand, I can hand to someone with confidence that my data is safe for the foreseeable future (as with any encryption, it's only secure for as long as it would reasonably take to brute force the password)

  • Just set your double tap home to disable or ipod. Not much you can do then. But yes, double tap should probably be disabled when locked.

  • Hi all, I just happened to be browsing apple dev center trying to figure out some details on the bonjour service. I'm not sure I like it running on my network so I wanted to know more... Found the apple security site which lists their known flaws and security bugs. Scrolling through happened to see this one, remembered this post and here ya all go:

    http://support.apple.com/kb/HT1312?viewlocale=en_US [apple.com]

    or if you prefer:

    *

    Passcode Lock

  • You have to have a double-tab of the home key set to take you to Phone Favourites...

    I have it set to Home, and it doesn't work.

Living on Earth may be expensive, but it includes an annual free trip around the Sun.

Working...