or Connect
AppleInsider › Forums › Mobile › iPhone › Glitch in Apple's iOS 4.1 allows iPhone access without passcode
New Posts  All Forums:Forum Nav:

Glitch in Apple's iOS 4.1 allows iPhone access without passcode

post #1 of 47
Thread Starter 
A glitch discovered in iOS 4.1 allows iPhone users to access contacts, call history and voicemail on a passcode-locked handset without knowing the numeric entry required to unlock the phone.

As detailed by Engadget, the glitch can be accomplished on any model locked iPhone running iOS 4.1. Users can access the handset's phone application by dialing a random number from the "Emergency Call" button on the iPhone lock screen, and quickly pressing the lock button after dialing that call.

Upon pressing the hardware lock button atop the iPhone, a user can then access the call history, voicemail and address book on the phone. The glitch works on the iPhone 3G, iPhone 3GS and iPhone 4.

Once in the phone application, neither the lock or home buttons work, and the handset can only be returned to the lock screen by attempting to place a call. However, users can also hold down the home button to access voice control and play music from the iPod application.

Selecting "share contact" and then choosing the camera icon also allows users to view the photo album on the iPhone without having properly unlocked the device with the secure passcode.

The report noted that the glitch is also functional in early beta builds of iOS 4.2. Apple's forthcoming software update for the iPhone, iPod touch and iPad is set for release sometime in November.
post #2 of 47
Tried it last night on the wife's phone, works perfect. It is not full access but you can make calls, look at the address book and some other stuff. Tried it on my 3G 3.1.3 Jailbroken iPhone and it does not work.
post #3 of 47
Wow, that's specific, makes me wonder if Microsoft or Google don't have bunch of guys working 24-hours a day trying to find weird little quirks like this. Let the conspiracy theories begin!

This bug doesn't concern me to much, if someone takes my phone & is dumb enough to try & then use it, great! I can find them on GPS as long as the phone is turned on!
post #4 of 47
I’d think that after the last such glitch and their focus on security on the iPhone in general that they’d have put a little more attention into the Emergency Call option of the Lock Screen.
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"
Reply
post #5 of 47
Looks like 4.1.1 is coming this week! Prepare for +500MB update.
post #6 of 47
As someone who keeps his phone locked, this is disturbing -- particularly after my wife lost her phone in a restaurant. I love the remote-wipe ability, but it only works when the phone is on the network -- hers never seemed to come back online.

At the risk of turning this into an iPhone wish list, there are some other things I'd like to see "fixed":

ICE: It would be fantastic if emergency response personnel could access the ICE (In Case of Emergency) number in the address book without needing the phone's unlock code. Apple could add a button to the unlock screen that displays the ICE record (and only that record) from the address book. Just providing a "Dial ICE" button wouldn't work because there's no guarantee the iPhone will be able to make a cell connection.

EMAIL RINGTONES: I would love to assign a custom ringtone to my boss's email address so I never miss his emails. I get a few hundred emails a day, and would love to not have to pick up and unlock my phone to check emails every 2 minutes.

EMAIL PROFILES: I know this is a geeky Enterprise thing with a limited prospective user base, but I have to ask...I'd like to be able to set up schedule-based ringtone profiles. For example, between 12am and 5am I don't want to hear my email chirp unless it's A) my boss or B) high-important messages or messages from select email accounts. Yes, the schedule is important -- it's annoying having to turn email sounds of and on twice a day, and when I forget to turn them back on I can miss real emergencies.
post #7 of 47
the "Share Contact" also lets you access the Messages and Mail app
post #8 of 47
Quote:
Originally Posted by NasserAE View Post

Looks like 4.1.1 is coming this week! Prepare for +500MB update.

This is a big complaint about iOS updates. It'd be nice to be able to just patch the OS with the affected files (over the air).
post #9 of 47
Can't be replicated on the latest 4.2 beta. Looks like Apple is aware of it and already has a fix for it.
post #10 of 47
Quote:
Originally Posted by hezetation View Post

Wow, that's specific, makes me wonder if Microsoft or Google don't have bunch of guys working 24-hours a day trying to find weird little quirks like this. Let the conspiracy theories begin!

This bug doesn't concern me to much, if someone takes my phone & is dumb enough to try & then use it, great! I can find them on GPS as long as the phone is turned on!

Or, somebody could look at your phone while you're away from your desk, and delete some contacts etc. and you'd be none the wiser.
post #11 of 47
It's already fixed in the current 4.2 betas.
post #12 of 47
Quote:
Originally Posted by tawilson View Post

Or, somebody could look at your phone while you're away from your desk, and delete some contacts etc. and you'd be none the wiser.

You've just given me an idea..
post #13 of 47
Quote:
Originally Posted by Wurm5150 View Post

Can't be replicated on the latest 4.2 beta. Looks like Apple is aware of it and already has a fix for it.

Good to know.
post #14 of 47
Nooooo I don't want to have to update to 4.1.1 and lose my jailbreak. Ah well, maybe whoever steals my phone will end up calling my ex-girlfriend and then regret stealing my phone.

Nah, she was alright, just, way, way *intense*
post #15 of 47
Quote:
Originally Posted by ghostface147 View Post

It's already fixed in the current 4.2 betas.

I don't expect this to be out in the news, I think the news will all be "OMG TEH APPLE STEALZ ALL UR PHONE INFOZZ!!"
post #16 of 47
nice, again and again the security for apple fails. Even though, we still can sleep soundly, because Apple does not have the viruses as everything else.... At least it was in the commercial...
post #17 of 47
Self-conscious use of the word "glitch" rather than "bug" is really annoying in this article. This is a gaping security hole, no need to soft-peddle it to the Apple faithful (of which I am one).

I don't normally get bothered by this sort of thing, but in this article it seems obnoxiously blatant.
post #18 of 47
Quote:
Originally Posted by ranger_one View Post


EMAIL RINGTONES: I would love to assign a custom ringtone to my boss's email address so I never miss his emails. I get a few hundred emails a day, and would love to not have to pick up and unlock my phone to check emails every 2 minutes.
.

search for 'mailtones' in the appstore .. does exactly what you are looking for ..
post #19 of 47
Fixed in iOS 4.2 beta 3. Fandroids will make sure thatnobody ever hears about that.
The best way to waste your life, ... is by taking notes. The easiest way to avoid living is to just watch. Look for the details. Report. Don't participate.
Reply
The best way to waste your life, ... is by taking notes. The easiest way to avoid living is to just watch. Look for the details. Report. Don't participate.
Reply
post #20 of 47
Just avoid losing your phone... that way...
post #21 of 47
Quote:
Originally Posted by Doorman. View Post

nice, again and again the security for apple fails. Even though, we still can sleep soundly, because Apple does not have the viruses as everything else.... At least it was in the commercial...

I keep my Windows machines up to date at least weekly, and I just finished installing 13 "critical" security fixes. These kinds of security bugs happen pretty infrequently on the Mac/iOS, but because of the popularity of the devices and scrutiny from competitors every one becomes a big press piece. If every Microsoft security flaw became an article, you'd have a tough time reading anything else.

In regards to your viruses comment, I've been using Macs and PCs for 25 years now. I've never had a virus on the Mac (and I've never run Antivirus software there), but I've had probably more than 30 on my Windows machines (and that's WITH Antivirus software). It was so bad on our office network that you couldn't even plug a newly-installed machine into the network without getting a virus before you could download and install the AV updates. I got so tired of rebuilding Windows machines (because you can't ever cleanly remove a virus), I got rid of all of them except my BootCamp partitions on my Mac.

Have you read about some of the security flaws with Android? Please.
post #22 of 47
Quote:
Originally Posted by Joe hs View Post

the "Share Contact" also lets you access the Messages and Mail app

If you pick a contact and try to add an existing picture to him/her you can access all the pictures in photos.. Pretty big security hole this..
post #23 of 47
Quote:
Originally Posted by kiwee View Post

If you pick a contact and try to add an existing picture to him/her you can access all the pictures in photos.. Pretty big security hole this..

on the bright side, at least the hole isn't bad enough to just let you press the home button and have full access...
post #24 of 47
You can get back to the lock screen using voice control, just say contacts or something else...it brings you back. Just FYI, so you don't have to place a call.
post #25 of 47
Quote:
Originally Posted by t2af View Post

search for 'mailtones' in the appstore .. does exactly what you are looking for ..

By forwarding all mail to their email servers? No thanks.

"My 8th grade math teacher once said: "You can't help it if you're dumb, you are born that way. But stupid is self inflicted."" -Hiro. 

...sometimes it's both
Reply

"My 8th grade math teacher once said: "You can't help it if you're dumb, you are born that way. But stupid is self inflicted."" -Hiro. 

...sometimes it's both
Reply
post #26 of 47
Quote:
Originally Posted by Tulkas View Post

By forwarding all mail to their email servers? No thanks.

post #27 of 47
Oh great, its back again ...

There have been similar flaws in the past related to the locked dialer that allows the user to make calls/etc.
MacKeeper - confidence and security for your Mac!
Reply
MacKeeper - confidence and security for your Mac!
Reply
post #28 of 47
Hey.. this is weird... Some got the glitch working, some didn't...
As for mine, no matter how fast I promptly click the hardware lock button, the screen just went blank. However, when I unlock the phone, I found myself on my Contacts list...
So, perhaps the so said "glitch" really does exist, but not on my phone... (still on IPhone 3Gs iOS 4.1 Model MC133ID)
post #29 of 47
Just curious how many iPhone owners actually use the lock. I never have and I'm on my third iPhone. I'll bet I'm not alone. Not saying it's smart, it's just reality.
A.k.a. AppleHead on other forums.
Reply
A.k.a. AppleHead on other forums.
Reply
post #30 of 47
Quote:
Originally Posted by Robin Huber View Post

Just curious how many iPhone owners actually use the lock. I never have and I'm on my third iPhone. I'll bet I'm not alone. Not saying it's smart, it's just reality.

Me either. My phone is either in my possession or on the night stand while i'm asleep or in the shower, plus there is nothing to hide anyway. Of course there was that one instance where it went through the washing machine and it came out permanently locked.

Life is too short to drink bad coffee.

Reply

Life is too short to drink bad coffee.

Reply
post #31 of 47
Quote:
Originally Posted by Joe hs View Post


Why the eyerolls? You would be ok forwarding your work email through a third party mail server? Your boss would be ok with that? I work with a lot of NDA materials in email, so it wouldn't fly for me.

"My 8th grade math teacher once said: "You can't help it if you're dumb, you are born that way. But stupid is self inflicted."" -Hiro. 

...sometimes it's both
Reply

"My 8th grade math teacher once said: "You can't help it if you're dumb, you are born that way. But stupid is self inflicted."" -Hiro. 

...sometimes it's both
Reply
post #32 of 47
I was wondering when AI would post about this. I thought perhaps they wouldn't post anything at all (since I equate them with being the Fox News of Apple news.)
post #33 of 47
which version of the ipod touch does it affect?
post #34 of 47
I have a pasword and not a passcode. I don't have that problem on iPhone 4 running IOS 4.1.
post #35 of 47
Quote:
Originally Posted by abeAI View Post

which version of the ipod touch does it affect?

Any running 4.1
post #36 of 47
Quote:
Originally Posted by Robin Huber View Post

Just curious how many iPhone owners actually use the lock. I never have and I'm on my third iPhone. I'll bet I'm not alone. Not saying it's smart, it's just reality.

Same. I used to have a passcode but got tired of having to enter it several times a day.
post #37 of 47
Quote:
Originally Posted by abeAI View Post

which version of the ipod touch does it affect?

Quote:
Originally Posted by Joe hs View Post

Any running 4.1

So uh, how does one get into emergency call mode on an iPod running 4.1?

"My 8th grade math teacher once said: "You can't help it if you're dumb, you are born that way. But stupid is self inflicted."" -Hiro. 

...sometimes it's both
Reply

"My 8th grade math teacher once said: "You can't help it if you're dumb, you are born that way. But stupid is self inflicted."" -Hiro. 

...sometimes it's both
Reply
post #38 of 47
Quote:
Originally Posted by Robin Huber View Post

Just curious how many iPhone owners actually use the lock. I never have and I'm on my third iPhone. I'll bet I'm not alone. Not saying it's smart, it's just reality.

I enabled the password lock for the first time today just to see if I could get this bug to work.
With how often I lock and unlock my phone I wouldn't want to have it on all the time. It doesn't seem like the bug is very easy to do. I got it to work on my third try, but couldn't get it to do it again after that.
post #39 of 47
Quote:
Originally Posted by Robin Huber View Post

Just curious how many iPhone owners actually use the lock. I never have and I'm on my third iPhone. I'll bet I'm not alone. Not saying it's smart, it's just reality.

If you connect your iPhone to a company's Exchange server with ActiveSync, know that the Exchange admins can force your iPhone to require a code to unlock it. Just curious how many Fortune 500 companies and all those other corporations actually force this requirement on their mobile phones.
post #40 of 47
Quote:
Originally Posted by ranger_one View Post

As someone who keeps his phone locked there are some other things I'd like to see "fixed":

ICE: It would be fantastic if emergency response personnel could access the ICE (In Case of Emergency) number in the address book without needing the phone's unlock code. Apple could add a button to the unlock screen that displays the ICE record (and only that record) from the address book. Just providing a "Dial ICE" button wouldn't work because there's no guarantee the iPhone will be able to make a cell connection.

I've wished for this feature for a long time! I even submitted the idea to Apple Feedback, but no hint that it'll ever be implemented. Are there any stats on how many people actually lock their iPhones?

"Be aware of wonder." ~ Robert Fulghum

Reply

"Be aware of wonder." ~ Robert Fulghum

Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPhone
AppleInsider › Forums › Mobile › iPhone › Glitch in Apple's iOS 4.1 allows iPhone access without passcode