iOS 5.0.1 bug lets users to bypass passcode and access iPhone contacts [video]

By on February 22, 2012 at 11:10 AM.

iOS 5.0.1 bug lets users to bypass passcode and access iPhone contacts [video]

A new bug has been discovered in iOS 5.0.1 that provides unauthorized access to a user’s contacts on passcode-protected iPhones. The bug, which was discovered by iPhoneIslam, is not easily reproduced and requires the attacker to have a spare SIM card or access to the victim’s phone number. The method involves inserting and ejecting the iPhone’s SIM card, which will eventually bypass the phone’s passcode and give unauthorized access to the contacts and phone app. The attacker can then make calls, view call history, view contacts and use FaceTime. The threat is seen as a somewhat minor issue that Apple will most likely fix in an upcoming iOS update. More →

No Comments

iOS 4.2 GM fixes dialer security flaw

By on November 2, 2010 at 10:41 AM.

iOS 4.2 GM fixes dialer security flaw

Just a quick follow up to an article we posted last week. It looks like Apple’s iOS 4.2 gold master candidate, which was pushed out to developers last night, closes the security loop hole that allowed the iPhone’s lock screen to be bypassed from the “Emergency Call” function. We’ve been trying, unsuccessful, to replicate the issue with the latest iOS pre-release.

If you’re not a member of the developer community, and wondering when you can get your hands on iOS 4.2, know that iOS 4.1 GM was released to developers one week before it went live to the general public.

12 Comments

Security flaw allows calls (and more) from a locked iPhone running iOS 4.1

By on October 25, 2010 at 6:01 PM.

Security flaw allows calls (and more) from a locked iPhone running iOS 4.1

Blog 9to5Mac has picked up on an interesting bug in iOS 4.1, running on the iPhone, that will allow users to bypass the device’s lock screen and make phone calls. From a locked iPhone pressing the “Emergency Call” button, dialing a non-emergency number (such as “###”), then quickly pressing “Send” followed by the iPhone’s lock key will actually force the device into the “Phone” application. From there you can access favorites, contacts, the dial pad, recent calls, and voicemails. The “home” button remains inactive throughout the process, preventing users from jumping to the home screen, however… going to the “contacts” tab, selecting a contact, and clicking “Email” or “Share contact” will allow a bypasser to send emails and MMS messages.

The issue is reminiscent of a bug in Motorola’s BLUR interface that allows users to make calls using voice actions from a locked screen we told you about last week. We’ve passed the information on to Apple and, hopefully, a fix is included in the next software update. We have a short video demonstrating the bug after the break. More →

80 Comments