October 26, 2010

iOS 4.1 security bug discovered - bypass passcode entry

There's a security flaw in the iOS 4.1 discovered that allows people to gain access to you photos, apps, and what not in your iPhone (or any device running on iOS 4.1 for that matter) even if you have a passcode entry in place. And it' pretty simple to bypass by the way.
"How it works: when the passcode entry screen comes up, tap "Emergency Call." Input any number you like, then tap "Call" and click the iPhone's sleep switch in quick succession (to get this to work, I had to perform the two actions almost simultaneously). If you've done the "trick" properly, you should now have full access to the iPhone's Phone app, including contacts, keypad, and calling history. What's more: tapping "Share Contact" and the camera icon will give you access to the Photos app. That's the extent of your access -- hitting the home button doesn't do anything at all -- but it's bad enough."
More bad news, is that Daring Fireball's John Gruber said, that the bug can be done in the iOS 4.2. But Apple is, I think aware of this already, and is doing something about it.

Source: TUAW



Post a Comment