iOS bug unlocks iPhones sans password
Making calls from locked iPhone 4s
A recently discovered bug in Apple's iOS 4.1 allows users to make iPhone calls without first entering a passcode.
The bug means there is no way to prevent unauthorized people from using the devices in the event they're lost or stolen. All that's required to unlock a phone is to press the Emergency Call button, enter a non-emergency number such as ###, tap the call button and immediately hit the lock button. Voila, the iPhone's contacts page will open, from which calls can be made.
Like most smartphones, the iPhone comes with a lock that requires a user to enter a password before calls and other features can be used. The ability to bypass the protection was reported on Friday by a MacForums user. Other members quickly confirmed it worked on iPhones running iOS 4.1 and that the technique also allowed unauthorized users to active the device's voice control mode.
You can test it for yourself, or view the video below to see it in action.
It's not the first time the iPhone passwords have been tripped up by a flaw involving the Emergency Call button. The Register was surprised to find just such a bug in August 2008. The embarrassing goof was quickly fixed, and we thought that would be the end of it. Now – for a limited time, anyway – it's back. ®
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
COMMENTS
"You only hear about those in the iPhone because ,,,"
your leader Jobs thinks the sun shines out his a*se and he can walk on water.
If Jobs wasn't such a supercilious phallic symbol and admitted that he and Apple actually made mistakes - like the yet unfixed Grip of Death, exploding batteries, etc. - we would cut him some slack.
As it is he is just making himself a target.
More than phone calls
You can do more than phonecalls.
Go into the contacts, and you can send an email by sharing a contact. You can send an MMS the same way. Once in the MMS app, click the camera and you can view all the photos on the phone, or use the camera.
You can edit contacts, change ringtones.
You can access the paste buffer and see what the last copy/cut/paste was.
You can enter the user's voicemail (if they've saved their password). From there, listen to their messages, change their password, etc.
Of course, you can view all the contacts, edit them, delete, add, and view recent calls.
Pretty heavy-duty flaw if you ask me.
Er ...
Just hold down the menu button until it goes into voice mode then say "Call Fred" and it will call Fred without the passcode.
Works on iOS 3 on my 3GS no problem. Maybe I should upgrade ...
IT infrastructure monitoring strategies
What you need to know about cloud backup
Agentless Backup is Not a Myth
Top 10 SIEM Implementer’s Checklist
Steps to Take Before Choosing a Business Continuity Partner
