Glitch in Apple's iOS 4.1 allows iPhone access without passcode

Posted:
in iPhone edited January 2014
A glitch discovered in iOS 4.1 allows iPhone users to access contacts, call history and voicemail on a passcode-locked handset without knowing the numeric entry required to unlock the phone.



As detailed by Engadget, the glitch can be accomplished on any model locked iPhone running iOS 4.1. Users can access the handset's phone application by dialing a random number from the "Emergency Call" button on the iPhone lock screen, and quickly pressing the lock button after dialing that call.



Upon pressing the hardware lock button atop the iPhone, a user can then access the call history, voicemail and address book on the phone. The glitch works on the iPhone 3G, iPhone 3GS and iPhone 4.



Once in the phone application, neither the lock or home buttons work, and the handset can only be returned to the lock screen by attempting to place a call. However, users can also hold down the home button to access voice control and play music from the iPod application.



Selecting "share contact" and then choosing the camera icon also allows users to view the photo album on the iPhone without having properly unlocked the device with the secure passcode.



The report noted that the glitch is also functional in early beta builds of iOS 4.2. Apple's forthcoming software update for the iPhone, iPod touch and iPad is set for release sometime in November.
«13

Comments

  • Reply 1 of 46
    Tried it last night on the wife's phone, works perfect. It is not full access but you can make calls, look at the address book and some other stuff. Tried it on my 3G 3.1.3 Jailbroken iPhone and it does not work.
  • Reply 2 of 46
    Wow, that's specific, makes me wonder if Microsoft or Google don't have bunch of guys working 24-hours a day trying to find weird little quirks like this. Let the conspiracy theories begin!



    This bug doesn't concern me to much, if someone takes my phone & is dumb enough to try & then use it, great! I can find them on GPS as long as the phone is turned on!
  • Reply 3 of 46
    solipsismsolipsism Posts: 25,726member
    I’d think that after the last such glitch and their focus on security on the iPhone in general that they’d have put a little more attention into the Emergency Call option of the Lock Screen.
  • Reply 4 of 46
    nasseraenasserae Posts: 3,167member
    Looks like 4.1.1 is coming this week! Prepare for +500MB update.
  • Reply 5 of 46
    As someone who keeps his phone locked, this is disturbing -- particularly after my wife lost her phone in a restaurant. I love the remote-wipe ability, but it only works when the phone is on the network -- hers never seemed to come back online.



    At the risk of turning this into an iPhone wish list, there are some other things I'd like to see "fixed":



    ICE: It would be fantastic if emergency response personnel could access the ICE (In Case of Emergency) number in the address book without needing the phone's unlock code. Apple could add a button to the unlock screen that displays the ICE record (and only that record) from the address book. Just providing a "Dial ICE" button wouldn't work because there's no guarantee the iPhone will be able to make a cell connection.



    EMAIL RINGTONES: I would love to assign a custom ringtone to my boss's email address so I never miss his emails. I get a few hundred emails a day, and would love to not have to pick up and unlock my phone to check emails every 2 minutes.



    EMAIL PROFILES: I know this is a geeky Enterprise thing with a limited prospective user base, but I have to ask...I'd like to be able to set up schedule-based ringtone profiles. For example, between 12am and 5am I don't want to hear my email chirp unless it's A) my boss or B) high-important messages or messages from select email accounts. Yes, the schedule is important -- it's annoying having to turn email sounds of and on twice a day, and when I forget to turn them back on I can miss real emergencies.
  • Reply 6 of 46
    joe hsjoe hs Posts: 488member
    the "Share Contact" also lets you access the Messages and Mail app
  • Reply 7 of 46
    Quote:
    Originally Posted by NasserAE View Post


    Looks like 4.1.1 is coming this week! Prepare for +500MB update.



    This is a big complaint about iOS updates. It'd be nice to be able to just patch the OS with the affected files (over the air).
  • Reply 8 of 46
    Can't be replicated on the latest 4.2 beta. Looks like Apple is aware of it and already has a fix for it.
  • Reply 9 of 46
    Quote:
    Originally Posted by hezetation View Post


    Wow, that's specific, makes me wonder if Microsoft or Google don't have bunch of guys working 24-hours a day trying to find weird little quirks like this. Let the conspiracy theories begin!



    This bug doesn't concern me to much, if someone takes my phone & is dumb enough to try & then use it, great! I can find them on GPS as long as the phone is turned on!



    Or, somebody could look at your phone while you're away from your desk, and delete some contacts etc. and you'd be none the wiser.
  • Reply 10 of 46
    It's already fixed in the current 4.2 betas.
  • Reply 11 of 46
    joe hsjoe hs Posts: 488member
    Quote:
    Originally Posted by tawilson View Post


    Or, somebody could look at your phone while you're away from your desk, and delete some contacts etc. and you'd be none the wiser.



    You've just given me an idea..
  • Reply 12 of 46
    Quote:
    Originally Posted by Wurm5150 View Post


    Can't be replicated on the latest 4.2 beta. Looks like Apple is aware of it and already has a fix for it.



    Good to know.
  • Reply 13 of 46
    Nooooo I don't want to have to update to 4.1.1 and lose my jailbreak. Ah well, maybe whoever steals my phone will end up calling my ex-girlfriend and then regret stealing my phone.



    Nah, she was alright, just, way, way *intense*
  • Reply 14 of 46
    Quote:
    Originally Posted by ghostface147 View Post


    It's already fixed in the current 4.2 betas.



    I don't expect this to be out in the news, I think the news will all be "OMG TEH APPLE STEALZ ALL UR PHONE INFOZZ!!"
  • Reply 15 of 46
    nice, again and again the security for apple fails. Even though, we still can sleep soundly, because Apple does not have the viruses as everything else.... At least it was in the commercial...
  • Reply 16 of 46
    Self-conscious use of the word "glitch" rather than "bug" is really annoying in this article. This is a gaping security hole, no need to soft-peddle it to the Apple faithful (of which I am one).



    I don't normally get bothered by this sort of thing, but in this article it seems obnoxiously blatant.
  • Reply 17 of 46
    t2aft2af Posts: 44member
    Quote:
    Originally Posted by ranger_one View Post




    EMAIL RINGTONES: I would love to assign a custom ringtone to my boss's email address so I never miss his emails. I get a few hundred emails a day, and would love to not have to pick up and unlock my phone to check emails every 2 minutes.

    .



    search for 'mailtones' in the appstore .. does exactly what you are looking for ..
  • Reply 18 of 46
    Fixed in iOS 4.2 beta 3. Fandroids will make sure thatnobody ever hears about that.
  • Reply 19 of 46
    drdoppiodrdoppio Posts: 1,132member
    Just avoid losing your phone... that way...
  • Reply 20 of 46
    Quote:
    Originally Posted by Doorman. View Post


    nice, again and again the security for apple fails. Even though, we still can sleep soundly, because Apple does not have the viruses as everything else.... At least it was in the commercial...



    I keep my Windows machines up to date at least weekly, and I just finished installing 13 "critical" security fixes. These kinds of security bugs happen pretty infrequently on the Mac/iOS, but because of the popularity of the devices and scrutiny from competitors every one becomes a big press piece. If every Microsoft security flaw became an article, you'd have a tough time reading anything else.



    In regards to your viruses comment, I've been using Macs and PCs for 25 years now. I've never had a virus on the Mac (and I've never run Antivirus software there), but I've had probably more than 30 on my Windows machines (and that's WITH Antivirus software). It was so bad on our office network that you couldn't even plug a newly-installed machine into the network without getting a virus before you could download and install the AV updates. I got so tired of rebuilding Windows machines (because you can't ever cleanly remove a virus), I got rid of all of them except my BootCamp partitions on my Mac.



    Have you read about some of the security flaws with Android? Please.
Sign In or Register to comment.