It looks like the iPhone lock screen provides just a marginal level of protection. [Jordand321] discovered a key combination that opens the contact app on a locked iPhone. Just tap the emergency call button, enter the pound sign three times (###), then tap call and immediately tap the lock key on the top of the phone. If this is confusing just look at the video after the break to see how it’s done.
You don’t get access to everything on the device. But this does give an attacker access to all of your contact data and allows that person to make any calls they desire.
[youtube=http://www.youtube.com/watch?v=hq8Dok2Th2s]
…and this is why I don’t like Apple or its philosophy of “We know what you need”.
Like a pusher robot with a black turtleneck.
damn apple how did you let this one slip threw? XD
I’m not sure that i catch your drift ACIDRAIN… What has their philosophy to do with this bug? I’m sorry but i’ve seen worse bugs in some of the old Android releases and i’m sure there is bugs even in Froyo.. To me your post only seem like a flamewar-starter.
Note: I myself is an Android user, and i dont exactly like Apple’s philosophy, but your post seems to be pretty useless.
To be fair, glitches like this can happen no matter who is writing the software, and the issue will certainly be fixed soon. I don’t support many of Apple’s business practices either, but that has nothing to do with this.
Android 2.0.1 had a glitch wherein the lock screen could be bypassed simply by calling the phone in question and hitting the Back button.
Yep, that’s stupid. Mine does it.
So? On my Android, pulling the battery and turning it back on bypasses the lock screen.
All smartphones have a maintenance bypass.
This isn’t just apple being stupid – most phones have something like this.
did not work on my 3gs
Here in the office, we got it to work on one, but the other two we tried wouldn’t do it. One was the new iphone 4.
It’s not a flaw, it’s a feature!
@Bilbao Bob: “All smartphones have a maintenance bypass.”
How on earth is a “maintenance bypass” on a lock screen a feature? Then what is the use of the lock screen in the first place…? No, this is a Bad Thing.
who even locks there phone with a lock code other then menu *?
Govt. made them do this.
You can also access people’s photo library and take pictures if you edit a contact. Thankfully, it doesn’t look like you can take them off the phone.
As always, physical security is paramount regardless of the technology.
Not an issue on 3GS, with 4.0 -8A293. Besides to say ‘bug’ is kinda misleading since your phones JBd. Hence it’s a feature.
You can also E-mail people (ActiveSync) if you choose a contact and share it via email…delete the vcf file and compose your mail… :)
Definitely works on mine. (ip4 jailbroken 4.2) You can also activate the voice control once ‘breaking into’ the dial pad by holding the home button. From there i was able to play music as well as make calls.
@itwork4me
It’s still there – just hidden better.
Kinda like the yellow pixels on color copiers.
tried on several iphone4s and 3gs’s all worked. but kicks you out after 30-45 secs.
forgot to say, none of which were jailbroken.
3gs 8gb, didnt work, unless its specific. SKEPTIC…where?
I tried this unsucessfully on a 3gs running 4.1 jailbroken and my wifi stopped working afterwards
This also allows access to send MMS and e-mail by selecting a contact and choosing “share contact.”
what about using that in hospitals to dial to friends and parents?
If this is a “feature”, possibly gov-mandated … has anyone identified the method to bypass the pattern lock on an Android?
uh, nope. Didn’t work on mine.
This bug is much like the Win 98 login bypass by going to Help -> Print Help, etc. I hate Apple and all, but honestly, this crap happens. You program something with as much text as the bible, and have dozens of authors, there’s going to be mistakes. (I’m sure there’s a corollary in there somewhere…)
Didn’t work on my phone – oh yeah, it’s a Droid Incredible not some suckass Apple POS.
lol i did it on my iphone 3gs and it worked i found a hidden feature not flaw lmao
Any number works, not just 3 #s. Also, you can send email, send texts, and browse photos. All from the contacts list. Pretty powerful stuff. If you’re wondering how you can send a text, try sending a contact.
it doesn’t work on my iPhone… cause I don’t have one :)
@trekeyus: nice one
Same as how I used to bypass windows XP activation screen. It’s just a bug and really not a big one, if someone steals your iPhone, they can use a PC to get through your password screen. (ie recovery mode -> iPHUC -> remove “/mnt/mobile/Library/Preferences/com.apple.springboard.plist”)
Physical access trumps all.
@Pilotgeek: “So? On my Android, pulling the battery and turning it back on bypasses the lock screen.”
Really? It doesn’t on mine – if I reboot it, it still asks for the passcode (well, joiny-dot combination) when I turn it back on, before it will let me do anything on the phone. And I have to put the PIN code in again when I do that.
@Itwork4me: “…since your phones JBd…”
They guy specifically says in the video that he has tested it on non-JBd devices as well.
@MS3FGX: “…glitches like this can happen no matter who is writing…”
I totally agree with you. I am worried that the locking feature can somehow fall back to the default caller app though – seems like they haven’t isolated the locking feature from the rest of the OS properly, in my eyes. Meh. It’s not like the other mobile OS’s haven’t had similar problems in the past (and probably will in the future).
Reproduced it on an iPhone 3GS.
3g 8GB 3.1.2 jb; works.
It could be feature added for medical purposes. To allow ER staff to gain access to ICE (In Case of Emergency) phone numbers. I am sure that there is a graph somewhere showing the direct correlation between rate of hospitalization and iDiots.
That isn’t a pound sign, it’s a hash.
# – hash.
£ – pound.
Loki: quit your pedantry. “Pound sign” is completely valid terminology in the US ( http://en.wikipedia.org/wiki/Number_sign paragraph 2). The article even went out of its way to demonstrate it was the #.
@Loki
Living in a substandard third-world country doesn’t entitle you to change long standing naming conventions used by a civilized and superior country.
Obviously, they are dialing wrong.
@Pilotgeek: “So? On my Android, pulling the battery and turning it back on bypasses the lock screen.”
Looks like apple fixed that work around :O)
It is like locking down menus on windows98 and you can still hack yourself a cmd shell :)
Personally I never lock my phones because it’s only me whose gonna get annoyed from it. Who would use it anyway? If someone would steal it they could get around that lock anyways.
@Thor: Exactly, glad you agree. Though calling the US a third-world country is a bit harsh.
If the US switched to Metric it wouldn’t matter ;)
Im Surprised apple hasnt come back saying “your typing it wrong!”
but in fairness bugs exsist across platforms, but its how the company deals with it, when apple makes up stuff to cover it up is where i draw the line
How is this not abject failure?
I can bypass the lock screen of my iPhone 4 by simply holding the home button until voice control pops up. From voice control I can call people and play music. 4.1 iOS not jailbroken. The posted method above works for me as well.
I just stumbled on this post… just wanted to point out that if you use the “Android Lock XT” app off Cydia, it removes the emergency call option from your lockscreen, and pretty much renders that glitch a non-issue. I just hope you don’t need to call 911 quick. haha.
Wow, talk about weak security. Time to delete a bunch of pictures off my phone.
Apple fixed it. Does not work on iOS 4.2.1.