[greenmymac] on the MacRumors forums recently exposed a security flaw that allows anyone full access to a locked iPhone running firmware version 2.0.2. The flaw works by entering the emergency call menu of a locked iPhone, and double tapping the home button. This opens the iPhone’s Favorites menu, allowing anyone in your Favorites to be called. From here, an attacker has access to your SMS messages and potentially your email or Safari browser. While we are sure that Apple has a patch for this flaw on the way in the next firmware update, there is a temporary way to secure your locked iPhone. Simply enter the Settings menu on your iPhone and enter General > Home Button and select “Home” or “iPod”. Now when you double tap your home button, it will navigate to either your home screen or the iPod screen. While this fix might be annoying for some, as of right now it seems like the only way to secure your locked iPhone.
[photo: Refracted Moments™]
[via Gizmodo]
This is no surprise. Just like with most other devices, if you can gain physical access to it, its pretty much “owned” already. This is why, if you use Exchange as the back end, you can remotely wipe the device if you lose it.
“1. This is no surprise. Just like with most other devices, if you can gain physical access to it, its pretty much “owned” already. This is why, if you use Exchange as the back end, you can remotely wipe the device if you lose it.
Posted at 12:28PM on Aug 28th 2008 by JF”
Yeah, except for Enterprise ready devices, like the Blackberry…
There is a reason for FIPS-140-2 compliance…