Security flaw allows calls (and more) from a locked iPhone running iOS 4.1

Blog 9to5Mac has picked up on an interesting bug in iOS 4.1, running on the iPhone, that will allow users to bypass the device’s lock screen and make phone calls. From a locked iPhone pressing the “Emergency Call” button, dialing a non-emergency number (such as “###”), then quickly pressing “Send” followed by the iPhone’s lock key will actually force the device into the “Phone” application. From there you can access favorites, contacts, the dial pad, recent calls, and voicemails. The “home” button remains inactive throughout the process, preventing users from jumping to the home screen, however… going to the “contacts” tab, selecting a contact, and clicking “Email” or “Share contact” will allow a bypasser to send emails and MMS messages.

The issue is reminiscent of a bug in Motorola’s BLUR interface that allows users to make calls using voice actions from a locked screen we told you about last week. We’ve passed the information on to Apple and, hopefully, a fix is included in the next software update. We have a short video demonstrating the bug after the break.

Read

blog comments powered by Disqus