Security Flaw In iOS 4.1 Gives Access To iPhone Contacts, Make Calls, Send Emails, MMS Even With Passcode Lock

News | Saturday October 23 2010 8:21 PM | Comments (0) Tags: , , , , , , , , , , , , ,

To reproduce the bug, make sure to have a passcode lock turned on and lock your device. In the lockscreen, tap on Emergency Call in the lower left corner. Now type a non-existent emergency number, I tried #946494. Start the call, and as soon as the red button appear hit the sleep button. You’ll be brought to the contact list.
I also noticed that while in this “forced Phone.app mode” you can’t go back to the homescreen but you can invoke the multitasking tray, even if tapping on apps won’t work. I was able to make SBSettings (jailbreak required) appear, but it didn’t work either. To return to the lockscreen from this forced mode, start a new call and end it. As @abrahamvegh also points out, trying to force quit the phone app will open Voice Control. It looks like you won’t be granted full access to the device through this flaw, but you’ll be able to make phone calls and access contacts nonetheless.
the Field Test application won’t start either in the “protected mode”, but you’ll be able to gain email access. Tap on a contact, then “share contact” and boom – you can send an email. As you can guess, email access exposes all your configured email address and contacts. MMS sharing works as well.
MacMagazine (Brazil) has published a video, which shows how the bug can be reproduced:
We were able to reproduce the bug. The security flaw has already been reported to Apple so lets hope that it is fixed in
, which is expected to be released in November.
Let us know if you are able to reproduce the bug.

No Comments »

No comments yet.

RSS feed. TrackBack URI

Leave a comment

You must be logged in to post a comment.