iOS 4.1 Bug Allows Access to iPhone Contacts and Voicemails Despite Passcode Protection

An iOS 4.1 bug discovered in our forums late last week has been gaining significant attention for its ability to allow users to bypass the built-in passcode protection on the iPhone to view contacts, call histories, and voicemail. While the bug does not permit full access to the iPhone's functions, as the home and lock buttons remain mostly non-functional, users have also reported being able to activate music functions and voice control while in this mode.

The passcode bypass is performed by attempting to place an Emergency Call to a non-emergency number (such as "###") and quickly hitting the lock button on the top of the iPhone after placing the call. The iPhone immediately opens up to the Phone application, offering full access to contacts and other phone-related information.

It is unclear whether the issue exists in developer builds of iOS 4.2 currently being distributed by Apple, as some users have reported that they have been able to replicate it under iOS 4.2 while others claim that they can not. Complicating the assessment is a lack of information from these sources regarding which builds of iOS 4.2 they are running.

Update: Wired received a statement from an Apple spokeswoman, who noted that the bug will be fixed in iOS 4.2 next month.

An Apple spokeswoman contacted with a response regarding the security flaw: "We're aware of this issue and we will deliver a fix to customers as part of the iOS 4.2 software update in November."