Security flaw allows full access to locked iPhones

[greenmymac] on the MacRumors forums recently exposed a security flaw that allows anyone full access to a locked iPhone running firmware version 2.0.2. The flaw works by entering the emergency call menu of a locked iPhone, and double tapping the home button. This opens the iPhone’s Favorites menu, allowing anyone in your Favorites to be called. From here, an attacker has access to your SMS messages and potentially your email or Safari browser. While we are sure that Apple has a patch for this flaw on the way in the next firmware update, there is a temporary way to secure your locked iPhone. Simply enter the Settings menu on your iPhone and enter General > Home Button and select “Home” or “iPod”. Now when you double tap your home button, it will navigate to either your home screen or the iPod screen. While this fix might be annoying for some, as of right now it seems like the only way to secure your locked iPhone.

[photo: Refracted Moments™]

[via Gizmodo]

Comments

  1. JF says:

    This is no surprise. Just like with most other devices, if you can gain physical access to it, its pretty much “owned” already. This is why, if you use Exchange as the back end, you can remotely wipe the device if you lose it.

  2. dc0de says:

    “1. This is no surprise. Just like with most other devices, if you can gain physical access to it, its pretty much “owned” already. This is why, if you use Exchange as the back end, you can remotely wipe the device if you lose it.

    Posted at 12:28PM on Aug 28th 2008 by JF”

    Yeah, except for Enterprise ready devices, like the Blackberry…

    There is a reason for FIPS-140-2 compliance…

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 97,790 other followers