iPhone Bug Allows FaceTime Calls Even With Passcode Lock

News | Thursday February 9 2012 4:42 PM | Comments (0) Tags: , , , , , , ,

person, in possession of your passcode protected
with voice dialing deactivated, make FaceTime calls and view certain fields of your contacts from the lock screen.
The hack, which was discovered by Canadian tech writer Ade Barkah, exploits the Emergency Dialer accessible via the lockscreen to accomplish this task.
“Slide to unlock” on the lockscreen, and instead of entering the passcode, hit the “Emergency Call” button to get the emergency dialer.
Now long press the home button to bring up Voice Control and try to FaceTime with any of your contacts.
The call goes through, and you’ll be able to FaceTime with a person from your locked phone.
Even if a person in your contact list doesn’t have FaceTime set up, you can see the contact’s image on the screen.
Although the same process could be replicated for voice calling a person, the voice call doesn’t actually go through, but it could be used to reveal other information as explained below.
The loophole could be used to see certain details of a contact by a hit and trial method. For instance, you have two entries for a contact named “Bob,” and you tell Voice Control to “Call Bob,” it would present the full names of both Bobs. Similarly if a contact has two phone numbers, with one of the phone numbers filed under a custom field, Voice Control would present both these fields (not the number), which could potentially leak private information.
This isn’t a very serious flaw, though. For starters the phone would need to be connected to a Wi-Fi network. If it is, the person in possession of your phone would need to have some knowledge of your address book. And since the problem is only with Voice Control and not Siri, majority of iPhone 4S users won’t be affected. (Only when
is disabled, does Voice Control show up.)
It is a bug nonetheless, and Apple would most likely fix this in the
Ade has, in the past, discovered
which make information that should ideally be private, accessible via the lock screen.
Does this sound like a security threat to you?

No Comments »

No comments yet.

RSS feed. TrackBack URI

Leave a comment

You must be logged in to post a comment.