Security flaw bypasses iPhone lock screen

It looks like the iPhone lock screen provides just a marginal level of protection. [Jordand321] discovered a key combination that opens the contact app on a locked iPhone. Just tap the emergency call button, enter the pound sign three times (###), then tap call and immediately tap the lock key on the top of the phone. If this is confusing just look at the video after the break to see how it’s done.

You don’t get access to everything on the device. But this does give an attacker access to all of your contact data and allows that person to make any calls they desire.

[via Wired via 9to5Mac]

Comments

  1. ACIDRAIN says:

    …and this is why I don’t like Apple or its philosophy of “We know what you need”.

    Like a pusher robot with a black turtleneck.

  2. biozz says:

    damn apple how did you let this one slip threw? XD

  3. MrCung says:

    I’m not sure that i catch your drift ACIDRAIN… What has their philosophy to do with this bug? I’m sorry but i’ve seen worse bugs in some of the old Android releases and i’m sure there is bugs even in Froyo.. To me your post only seem like a flamewar-starter.

    Note: I myself is an Android user, and i dont exactly like Apple’s philosophy, but your post seems to be pretty useless.

  4. MS3FGX says:

    To be fair, glitches like this can happen no matter who is writing the software, and the issue will certainly be fixed soon. I don’t support many of Apple’s business practices either, but that has nothing to do with this.

    Android 2.0.1 had a glitch wherein the lock screen could be bypassed simply by calling the phone in question and hitting the Back button.

  5. Alan says:

    Yep, that’s stupid. Mine does it.

  6. Pilotgeek says:

    So? On my Android, pulling the battery and turning it back on bypasses the lock screen.

  7. bilbao bob says:

    All smartphones have a maintenance bypass.
    This isn’t just apple being stupid – most phones have something like this.

  8. outleradam says:

    did not work on my 3gs

  9. Daley says:

    Here in the office, we got it to work on one, but the other two we tried wouldn’t do it. One was the new iphone 4.

  10. sp00nix says:

    It’s not a flaw, it’s a feature!

  11. Me says:

    @Bilbao Bob: “All smartphones have a maintenance bypass.”

    How on earth is a “maintenance bypass” on a lock screen a feature? Then what is the use of the lock screen in the first place…? No, this is a Bad Thing.

  12. trekeyus says:

    who even locks there phone with a lock code other then menu *?

  13. Drone says:

    Govt. made them do this.

  14. Digital Ruse says:

    You can also access people’s photo library and take pictures if you edit a contact. Thankfully, it doesn’t look like you can take them off the phone.

    As always, physical security is paramount regardless of the technology.

  15. Itwork4me says:

    Not an issue on 3GS, with 4.0 -8A293. Besides to say ‘bug’ is kinda misleading since your phones JBd. Hence it’s a feature.

  16. i_love_apples says:

    You can also E-mail people (ActiveSync) if you choose a contact and share it via email…delete the vcf file and compose your mail… :)

  17. butwhatsmore says:

    Definitely works on mine. (ip4 jailbroken 4.2) You can also activate the voice control once ‘breaking into’ the dial pad by holding the home button. From there i was able to play music as well as make calls.

  18. bilbao bob says:

    @itwork4me

    It’s still there – just hidden better.
    Kinda like the yellow pixels on color copiers.

  19. nutz4hs says:

    tried on several iphone4s and 3gs’s all worked. but kicks you out after 30-45 secs.

  20. nutz4hs says:

    forgot to say, none of which were jailbroken.

  21. jukus says:

    3gs 8gb, didnt work, unless its specific. SKEPTIC…where?

  22. outleradam says:

    I tried this unsucessfully on a 3gs running 4.1 jailbroken and my wifi stopped working afterwards

  23. Dave says:

    This also allows access to send MMS and e-mail by selecting a contact and choosing “share contact.”

  24. losfurcis says:

    what about using that in hospitals to dial to friends and parents?

  25. Me says:

    If this is a “feature”, possibly gov-mandated … has anyone identified the method to bypass the pattern lock on an Android?

  26. willyshop says:

    uh, nope. Didn’t work on mine.

  27. scabby says:

    This bug is much like the Win 98 login bypass by going to Help -> Print Help, etc. I hate Apple and all, but honestly, this crap happens. You program something with as much text as the bible, and have dozens of authors, there’s going to be mistakes. (I’m sure there’s a corollary in there somewhere…)

  28. vonskippy says:

    Didn’t work on my phone – oh yeah, it’s a Droid Incredible not some suckass Apple POS.

  29. zerocool818 says:

    lol i did it on my iphone 3gs and it worked i found a hidden feature not flaw lmao

  30. Matt says:

    Any number works, not just 3 #s. Also, you can send email, send texts, and browse photos. All from the contacts list. Pretty powerful stuff. If you’re wondering how you can send a text, try sending a contact.

  31. it doesn’t work on my iPhone… cause I don’t have one :)

    @trekeyus: nice one

  32. Spork says:

    Same as how I used to bypass windows XP activation screen. It’s just a bug and really not a big one, if someone steals your iPhone, they can use a PC to get through your password screen. (ie recovery mode -> iPHUC -> remove “/mnt/mobile/Library/Preferences/com.apple.springboard.plist”)

    Physical access trumps all.

  33. TFk says:

    @Pilotgeek: “So? On my Android, pulling the battery and turning it back on bypasses the lock screen.”

    Really? It doesn’t on mine – if I reboot it, it still asks for the passcode (well, joiny-dot combination) when I turn it back on, before it will let me do anything on the phone. And I have to put the PIN code in again when I do that.

    @Itwork4me: “…since your phones JBd…”

    They guy specifically says in the video that he has tested it on non-JBd devices as well.

    @MS3FGX: “…glitches like this can happen no matter who is writing…”

    I totally agree with you. I am worried that the locking feature can somehow fall back to the default caller app though – seems like they haven’t isolated the locking feature from the rest of the OS properly, in my eyes. Meh. It’s not like the other mobile OS’s haven’t had similar problems in the past (and probably will in the future).

  34. kmatzen says:

    Reproduced it on an iPhone 3GS.

  35. Eric says:

    3g 8GB 3.1.2 jb; works.

  36. Paul says:

    It could be feature added for medical purposes. To allow ER staff to gain access to ICE (In Case of Emergency) phone numbers. I am sure that there is a graph somewhere showing the direct correlation between rate of hospitalization and iDiots.

  37. Loki says:

    That isn’t a pound sign, it’s a hash.

    # – hash.

    £ – pound.

  38. Andrew says:

    Loki: quit your pedantry. “Pound sign” is completely valid terminology in the US ( http://en.wikipedia.org/wiki/Number_sign paragraph 2). The article even went out of its way to demonstrate it was the #.

  39. Thor says:

    @Loki
    Living in a substandard third-world country doesn’t entitle you to change long standing naming conventions used by a civilized and superior country.

  40. CG says:

    Obviously, they are dialing wrong.

  41. Jon says:

    @Pilotgeek: “So? On my Android, pulling the battery and turning it back on bypasses the lock screen.”

    Looks like apple fixed that work around :O)

  42. cocoa says:

    It is like locking down menus on windows98 and you can still hack yourself a cmd shell :)

    Personally I never lock my phones because it’s only me whose gonna get annoyed from it. Who would use it anyway? If someone would steal it they could get around that lock anyways.

  43. Phil says:

    @Thor: Exactly, glad you agree. Though calling the US a third-world country is a bit harsh.

  44. Tom says:

    If the US switched to Metric it wouldn’t matter ;)

  45. jo says:

    Im Surprised apple hasnt come back saying “your typing it wrong!”

    but in fairness bugs exsist across platforms, but its how the company deals with it, when apple makes up stuff to cover it up is where i draw the line

  46. Gert says:

    How is this not abject failure?

  47. Preston says:

    I can bypass the lock screen of my iPhone 4 by simply holding the home button until voice control pops up. From voice control I can call people and play music. 4.1 iOS not jailbroken. The posted method above works for me as well.

  48. thatmffm says:

    I just stumbled on this post… just wanted to point out that if you use the “Android Lock XT” app off Cydia, it removes the emergency call option from your lockscreen, and pretty much renders that glitch a non-issue. I just hope you don’t need to call 911 quick. haha.

  49. jason says:

    Wow, talk about weak security. Time to delete a bunch of pictures off my phone.

  50. Palaver says:

    Apple fixed it. Does not work on iOS 4.2.1.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 96,660 other followers