iOS 4.1 Bug Allows Access to iPhone Contacts and Voicemails Despite Passcode Protection
An iOS 4.1 bug discovered in our forums late last week has been gaining significant attention for its ability to allow users to bypass the built-in passcode protection on the iPhone to view contacts, call histories, and voicemail. While the bug does not permit full access to the iPhone's functions, as the home and lock buttons remain mostly non-functional, users have also reported being able to activate music functions and voice control while in this mode.
The passcode bypass is performed by attempting to place an Emergency Call to a non-emergency number (such as "###") and quickly hitting the lock button on the top of the iPhone after placing the call. The iPhone immediately opens up to the Phone application, offering full access to contacts and other phone-related information.
It is unclear whether the issue exists in developer builds of iOS 4.2 currently being distributed by Apple, as some users have reported that they have been able to replicate it under iOS 4.2 while others claim that they can not. Complicating the assessment is a lack of information from these sources regarding which builds of iOS 4.2 they are running.
Update: Wired received a statement from an Apple spokeswoman, who noted that the bug will be fixed in iOS 4.2 next month.
The passcode bypass is performed by attempting to place an Emergency Call to a non-emergency number (such as "###") and quickly hitting the lock button on the top of the iPhone after placing the call. The iPhone immediately opens up to the Phone application, offering full access to contacts and other phone-related information.
It is unclear whether the issue exists in developer builds of iOS 4.2 currently being distributed by Apple, as some users have reported that they have been able to replicate it under iOS 4.2 while others claim that they can not. Complicating the assessment is a lack of information from these sources regarding which builds of iOS 4.2 they are running.
Update: Wired received a statement from an Apple spokeswoman, who noted that the bug will be fixed in iOS 4.2 next month.
An Apple spokeswoman contacted Wired.com with a response regarding the security flaw: "We're aware of this issue and we will deliver a fix to customers as part of the iOS 4.2 software update in November."
Top Rated Comments
(View all)
21 months ago
I think I just found a security flaw in ios 4.1.
When you iPhone is locked with a passcode tap Emergency Call, then enter a non-emergency number such as ###. Next tap the call button and immediately hit the lock button. It should open up the Phone app where you can see all your contacts, call any number, etc.
My iPhone is jailbroken so that could be causing it. Can anyone confirm that it works on non-jailbroken iPhones?
When you iPhone is locked with a passcode tap Emergency Call, then enter a non-emergency number such as ###. Next tap the call button and immediately hit the lock button. It should open up the Phone app where you can see all your contacts, call any number, etc.
My iPhone is jailbroken so that could be causing it. Can anyone confirm that it works on non-jailbroken iPhones?
21 months ago
yep, flawed here, i4 with 4.0.1.. congratulations sir!
how in the heck did you find such a random combination of actions to test out? wow
how in the heck did you find such a random combination of actions to test out? wow
21 months ago
So now that the flaw is public, I believe it goes without asking that you have reported it to Apple?
;)
;)
21 months ago
holy crap.
awesome find. not that it matters to me personally... i never lock my phone.
awesome find. not that it matters to me personally... i never lock my phone.
21 months ago
yep, flawed here, i4 with 4.0.1.. congratulations sir!
how in the heck did you find such a random combination of actions to test out? wow
i gotta assume he was bored and was trying to do it. kinda random to happen by coincidence.
21 months ago
It also seems to lock you out from doing anything else, even putting it to sleep. I had to power mine off.
So now that the flaw is public, I believe it goes without asking that you have reported it to Apple?
;)
21 months ago
Works for me on my non-jb iPhone 4 running 4.1
Requires a reboot after though.
-Kristijan
Requires a reboot after though.
-Kristijan
21 months ago
Works for me on my non-jb iPhone 4 running 4.1
Requires a reboot after though.
-Kristijan
it doesnt.
while in contacts, tap on a contact, make the phone call and hit 'end'. then the phone will go back to the lockscreen asking for a pw.
21 months ago
it doesnt.
while in contacts, tap on a contact, make the phone call and hit 'end'. then the phone will go back to the lockscreen asking for a pw.
Cool, thanks.
-Kristijan
[ Read All Comments ]
Our sister-site TouchArcade notes that Chillingo's excellent physics puzzler Feed Me Oil is free today for both the iPhone and iPad. It's normally $0.99 for iPhone and $1.99 for iPad....
Several years ago, Comcast began instituting bandwidth caps of 250GB per month on its residential customers. In 2008, this was plenty for most customers, but with the advent of streaming video...
Reuters reports that China Mobile Chairman Xi Guohua has once again publicly stated that the world's largest mobile phone carrier is engaged in talks with Apple about offering the iPhone to its...
Apple has filed a motion to dismiss in a case filed by customers over alleged misleading advertising depicting the Siri technology in the iPhone 4S. The lawsuit, filed in March, alleges that...
The American Customer Satisfaction Index (ASCI) today released its latest rankings of customer satisfaction in the United States for mobile phones and a number of products and services, with the new...
