Slashdot Mirror

← Back to Stories (view on slashdot.org)

Locked iPhones Can Be Unlocked Without Password

Posted by timothy on from the now-lookie-hyeah dept.

snydeq writes "Private information stored in Apple's iPhone and protected by a lock code can be accessed by anyone with just a few button presses. Pressing the emergency call button at the unlock screen, followed by two taps on the home button, takes you to the iPhone's private 'favorites' page without the need to enter the unlock code, MacRumors user greenmymac has found. If the owner of the phone has favorite entries in their address book containing URLs, e-mail addresses or mobile phone numbers, then those entries can be used to launch the browser, mail application or SMS software, and gain access to private Web favorites, e-mail messages, and text messages stored in the phone, again without entering the unlock code."

10 of 102 comments (clear)

  1. Not quite... by daybot · · Score: 4, Informative

    Pressing the emergency call button at the unlock screen, followed by two taps on the home button, takes you to the iPhone's private 'favorites' page without the need to enter the unlock code

    Not quite - it takes you to Favorites or iPod depending on your double-tap shortcut setting. If it's set to the home screen then you are just prompted for the passcode. See here

    1. Re:Not quite... by Charles+Dodgeson · · Score: 4, Informative

      I do see the behavior described: Emergency call, then double press takes me to my phone "Favorites". From the favorites, I can look up the details of of those address book entries and bring up Safari or Mail.

      From Safari opened this way, I can get to my bookmarks. And I suspect that from Mail (haven't tested it yet), I could get to all of my contacts. All of this with completely by-passing the PIN.

      --
      Prime numbers are exactly what Alan Greenspan says they are -S. Minsky
  2. Just tested... by Elindor · · Score: 5, Informative

    There's a way to prevent this - set the Home Button to go to Home when double clicked - this simply drops it back to the PIN request (Or, if it's in iPod mode, bring up the basic iPod controls)

  3. The easier and more complete way by Brilthor · · Score: 4, Informative

    Actually all you need to do is call the iphone, then when the call ends you are back at the home screen unrestricted. On a slightly unrelated note most security articles seem to point out the obvious flaws instead of the clever ones (clearly the iphone lock function is only a slight deterrent)

    1. Re:The easier and more complete way by shitzu · · Score: 5, Informative

      Actually all you need to do is call the iphone, then when the call ends you are back at the home screen unrestricted.

      No it does not. It still asks for the code after the call has ended.

    2. Re:The easier and more complete way by scorp1us · · Score: 2, Informative

      My iphone blanks and when it wake it it prompts for the code. This is on 2.0.1

      --
      Slashdot's rate-of-post filter: Preventing you from posting too many great ideas at once.
    3. Re:The easier and more complete way by CaptainZapp · · Score: 3, Informative
      Actually the security lock works pretty reliable on just about any Nokia phone I ever owned.

      Sure, you could factory reset it, but, alas, that requires access to the keyboard, which is locked.

      You can call the phone and accept calls while locked, but that's it. After the call it goes back into locked mode.

      I'm not claiming it's 100% unhackable. Maybe you could flash the firmware (I wouldn't know). But in any case the security is not quite as innane as what Apple has implemented.

      --
      ich bin der musikant

      mit taschenrechner in der hand

      kraftwerk

    4. Re:The easier and more complete way by Brilthor · · Score: 2, Informative

      just tested again; I can't seem to re-create it, it was an observation I made a couple days ago, apparently missed something doesn't change the fact that you just need to plug it into a computer to get the data anyways

  4. Re:Local security does not exist by Ferzerp · · Score: 2, Informative

    Only in the absence of encryption (which happens to be absent on an iPhone).

    My BlackBerry on the other hand, I can hand to someone with confidence that my data is safe for the foreseeable future (as with any encryption, it's only secure for as long as it would reasonably take to brute force the password)

  5. This is a known patched bug by SenorPhatnutZ · · Score: 2, Informative

    Hi all, I just happened to be browsing apple dev center trying to figure out some details on the bonjour service. I'm not sure I like it running on my network so I wanted to know more... Found the apple security site which lists their known flaws and security bugs. Scrolling through happened to see this one, remembered this post and here ya all go:

    http://support.apple.com/kb/HT1312?viewlocale=en_US

    or if you prefer:

            *

                Passcode Lock

                CVE-ID: CVE-2008-0034

                Available for: iPhone v1.0 through v1.1.2

              Impact: An unauthorized user may bypass the
    Passcode Lock and launch iPhone applications

                Description: The Passcode Lock feature is
    designed to prevent applications from being
    launched unless the correct passcode is entered.

    An implementation issue in the handling of
    emergency calls allows users with physical access
    to an iPhone to launch an application without the
    passcode. This update addresses the issue through
    an improved check on the state of the Passcode
    Lock.