A new bug has been discovered in iOS 5.0.1 that provides unauthorized access to a user’s contacts on passcode-protected iPhones. The bug, which was discovered by iPhoneIslam, is not easily reproduced and requires the attacker to have a spare SIM card or access to the victim’s phone number. The method involves inserting and ejecting the iPhone’s SIM card, which will eventually bypass the phone’s passcode and give unauthorized access to the contacts and phone app. The attacker can then make calls, view call history, view contacts and use FaceTime. The threat is seen as a somewhat minor issue that Apple will most likely fix in an upcoming iOS update. More →
Just a quick follow up to an article we posted last week. It looks like Apple’s iOS 4.2 gold master candidate, which was pushed out to developers last night, closes the security loop hole that allowed the iPhone’s lock screen to be bypassed from the “Emergency Call” function. We’ve been trying, unsuccessful, to replicate the issue with the latest iOS pre-release.
If you’re not a member of the developer community, and wondering when you can get your hands on iOS 4.2, know that iOS 4.1 GM was released to developers one week before it went live to the general public.
Blog 9to5Mac has picked up on an interesting bug in iOS 4.1, running on the iPhone, that will allow users to bypass the device’s lock screen and make phone calls. From a locked iPhone pressing the “Emergency Call” button, dialing a non-emergency number (such as “###”), then quickly pressing “Send” followed by the iPhone’s lock key will actually force the device into the “Phone” application. From there you can access favorites, contacts, the dial pad, recent calls, and voicemails. The “home” button remains inactive throughout the process, preventing users from jumping to the home screen, however… going to the “contacts” tab, selecting a contact, and clicking “Email” or “Share contact” will allow a bypasser to send emails and MMS messages.
The issue is reminiscent of a bug in Motorola’s BLUR interface that allows users to make calls using voice actions from a locked screen we told you about last week. We’ve passed the information on to Apple and, hopefully, a fix is included in the next software update. We have a short video demonstrating the bug after the break. More →