iOS 4.1 security hole allows using the iPhone when it's locked

By on October 26, 2010, 2:21 PM

With the latest iOS 4.1, it appears that Apple has opened up a small security vulnerability: the iPhone's passcode no longer works as it should. If you input a random number in the emergency call field, press call, and then promptly hit the hardware lock button, you will gain access to the Phone app. The issue occurs on all iPhones that can been upgraded to iOS 4.1; the iPhone 3G, iPhone 3GS, and iPhone 4 are all vulnerable.

In other words, even if your phone is locked, you can make non-emergency phone calls from it. This could be easily abused by thieves who use your phone to make expensive calls right after they steal your iPhone. The hole also grants the user access to favorites, contacts, recent calls, and voicemail. Additionally, selecting "share contact" and then the camera icon will give you access to the photo album. Furthermore, if the user holds down the menu button he or she can gain access voice control and play locally-stored music. Here's a video from Boy Genius Report showing the issue:

We expect that Apple will have a fix available by iOS 4.2, though there's no date for that release yet. Currently, the 4.2 beta still has this problem since it has only been recently discovered and sent as a bug report to Apple.





User Comments: 27

Got something to say? Post a comment
Scshadow said:

All so worried about keeping Iphones from being jailbroken, Apple leaves this vulnerability wide open. Great job Apple. Why don't you start spending less time protecting your bottom line and spend more time protecting your consumer. And Apple continues to be on my ban list. I will not buy an apple product.

Cueto_99 said:

So... My passcode is there just to annoy me everytime I wake up the phone from sleep mode... Apple, you should give out rewards to people who find these kind of security issues like this one, and maybe start a program like Mozilla did some time ago...

princeton princeton said:

I never use a passcode. I just plan on having my iphone embedded in my arm.

bakape said:

Is this really a bug? Sounds more like an 'easter egg' or cheat code.

up down down left right A B B to unlock Flash

princeton princeton said:

bakape said:

Is this really a bug? Sounds more like an 'easter egg' or cheat code.

up down down left right A B B to unlock Flash

APPLE! Please do. Flash on my iphone would rock!

frodough said:

Apple is mostly looks, it's like a glass case with a lock and they expect you to store things in it which people do because apple tells them it's super safe... but it's glass case...sigh

bakape said:

frodough said:

but it's glass case...sigh

Yes! A glass case that shatters

kaonis92 said:

Why can't they just release a hotfix like 4.1.1 or something instead of waiting until 4.2 is ready?

posermobile89 said:

What I find more severe is the fact you can completely reformat an iPhone even if it has a passcode, which should allow for activition if the SIM card is in. No idea how iPhone activation works though...

Guest said:

Besides these things apple is releasing new softwares

klepto12 klepto12, TechSpot Paladin, said:

Another apple blunder apple is one company i don't trust and wish they would go under lol. Lets see they make a phone that is messed up and then blame the customer.

Guest said:

[Quote] Lets see they make a phone that is messed up and then blame the customer.

Also, don't forget they made a tablet with wifi issues and blamed the consumer's routers.

I honestly wouldn't pick on Apple so much if they weren't so stuck up about how perfect their products are. So I can't help but laugh at their misfortunes.

oasis789 said:

good job apple, making theft easier and easier...

xanthic42 said:

That seems like a pretty obvious case that should have been checked by QA. "What happens when we hardlock the phone to interrupt an emergency call?"

AppleFanboy said:

And Apple continues to be on my ban list. I will not buy an apple product.

You don't know what you're missing out on.

Eddo22 said:

"Another apple blunder apple is one company i don't trust and wish they would go under lol."

I agree. I can't stand Apple and their owners tick me off. Apple is better than..blah blah blah.

Faller said:

Not a big apple fan but it'll be fun to mess with my machead friend. At least he's not pretentious about it.

ajd007 said:

This reminds me of the windows 95 hack that let you login to the computer without knowing the password.

fadownjoo said:

im just tired of apple, im either moving to android or win mo 7 next phone.

fritz123 said:

wow idk how apple overlooked this flaw. for the pricetag on their gadgets, they should protect their users from these kinds of vulnerabilities.

lets go steal an iphone. haha kidding

Burty117 Burty117, TechSpot Chancellor, said:

Just tried it on my iPhone 3GS (fully updated) and indeed this works! just showed the guys at work and since the office is full of iPhones it is now causing a bit of a stire

XnaX said:

AppleFanboy said:

And Apple continues to be on my ban list. I will not buy an apple product.

You don't know what you're missing out on.

Oh, but I do.. And it's not worth it..

Davidoff Davidoff said:

apple: not good

LNCPapa LNCPapa said:

Yeah - I've been showing this off at work too. Most of the folks here are saying, "who cares? Who said their stuff was secure anyway?" Guess I'm the only one really worried about people making calls to my CIO from my phone.

uttaradhaka said:

Till now, we used to hear that the iphone universe is locked down because of security. Now we found out that they can't even design the lock screen in their phone. Awesome

customcarvin customcarvin said:

HAHA, most of your comments make me laugh... Beating on crApple is fun!!

Also, don't forget they made a tablet with wifi issues and blamed the consumer's routers.

I honestly wouldn't pick on Apple so much if they weren't so stuck up about how perfect their products are. So I can't help but laugh at their misfortunes.

That's exactly how I view it, if Apple didn't have their "holier than thou" attitude then I probably wouldn't care, but they do, so I love reading stuff like this. It sucks for the consumer though, they're the ones who pay... but then again, most of them don't seem to mind... maybe most of them like technological submission/sadism?

AppleFanboy said:

Why can't they just release a hotfix like 4.1.1 or something instead of waiting until 4.2 is ready?

Actually, I can (shh) run i O S 4 . 2 on my iPad, and I'm not a dev.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.