Major security hole found in iPhone

Major security hole found in iPhone

Summary: Gizmodo has unearthed a security flaw in the iPhone OS and boy is it a doozy. According to the post it's simple to access a locked iPhone's address book, Mail, SMS, Contacts, and Safari.

SHARE:

Gizmodo has unearthed a security flaw in the iPhone OS and boy is it a doozy. According to the post it's simple to access a locked iPhone's address book, Mail, SMS, Contacts, and Safari.

The vulnerability works like this on a password protected and locked iPhone:

  • Then slide to unlock
  • Tap emergency call
  • Double tap the home button

This give you access to the iPhone's favorites, the Address Book, the dial keypad and your voice mail. And it gets worse.

Tapping on the blue arrows next to the names gives you full access to the information in a favorite. Tapping an email address gives you access to the Mail application. Tapping a URL in a contact provides full access to Safari. Tapping send text message gives access to all your SMS'.

Um, this is bad. Especially when the phone is supposed to be locked. Apple, let's get iPhone 2.0.3 out the door ASAP, m'kay?

Topics: Mobility, Collaboration, Hardware, iPhone, Networking, Security, Telcos

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

67 comments
Log in or register to join the discussion
  • what else is new ?

    it's a well known fact that Apples' always overlooked serious flaws like this. Probably because their employees are too busy playing Plum Caddy or CubicMan Deluxe instead of doing what they are being paid to do....

    I don't think Apple will ever emerge as a serious contender to Microsoft OR RIM.
    zero7404
    • wow just wow

      "I don't think Apple will ever emerge as a serious contender
      to Microsoft OR RIM"

      I have to agree with you on this one, especially with the
      enterprise users they are really trying to target.

      Come on Apple, this is just silly.
      ChrisOPeterson
  • RE: Major security hole found in iPhone

    Every week there seems to be a new discrepancy with the iPhone. So glad I don't own one.
    Loverock Davidson
  • RE: Major security hole found in iPhone

    I don't want this, i'm struck with O2 for 18 months contract, i'm slowly loosing my temper with Iphone, too many bad reviews too many faults, this one is not even worth of the hype created. I don't get 3G around Canary wharf area only 2 inconsistant bars, come on guys why are you playing with our emotions, i'm seriously depressed,takes ages to download or send mails.The phone got hanged twice while answering a call and playing music.

    I guess IPHONE 3G is best for music, oh wait a minute that's IPOD. Can you guys take back my phone and do your R&D and help other customers
    madhu@...
    • whose fault?

      Seems to me you're blaming Apple for bad coverage when you should be blaming O2. Didn't they give you some sort of trial period when you sign up to see how the coverage was in your area?
      lumpy_blumpkin
    • The risk Me-Firsters take

      Er, I mean early adopters.
      First generation or two of most consumer electronic stuff is buggy, clunky, and soon replaced by better. But hey, you had it first and paid a premium!
      NotMSUser
      • This is the second generation iPhone!

        I guess that kills that excuse.
        ShadeTree
    • Research before buying...

      at least to take a risk on a gadget as expensive as the iPhone but then not do the basic research to check what coverage you have to use it first? Could've saved yourself your $$ and 'lost temper'.

      best of luck tho
      Judson01
    • What?

      You bought a 3G phone in an area without 3G coverage - pure genius! You are reading bad reviews about the iPhone and that's affecting you how? Are *you* having problems with the phone (other than no 3G reception)? Guess what, *my* iPhone has crappy 3G reception! Imagine that! My Edge connection is slow! Imagine that! Wait a minute: I don't have 3G coverage in my area and AT&T's edge network here sucks. How is that the iPhone's fault? Guess what? The other non-apple 3G phones don't have 3G reception and slow Edge speeds too. And their battery life is worse than the iPhone and they don't have the rich software stack that the iPhone does.

      Are you having problems with the iPhone itself? Does it pull up the wrong number when you touch a contact? Does it crash constantly? What? Rela problems need to be reported and addressed.

      As far as this security hole goes, yes, it's a problem, yes it has to be fixed, pronto! This is a real problem to complain about.

      Tell you what. I'll buy your phone for $199.00 U.S. ($299.00 if it's a 16GB) today.
      NtroP
      • I'll buy your phone for $199.00 U.S

        Can you assume his service contract?
        deowll
  • I don't own a iPhone...

    Yes a security flaw is a bad thing. Apple will fix it, also as
    security flaws are found other vendors will fix theirs as
    well.

    Unless someone steals your iPhone or through negligence
    you loose it there's nothing to be concerned with.

    Do notice Nokia have security flaw in the phone and their
    PC Suite software. One security company notes and Nokia
    confirms; quote: ...could let a hacker get control of a
    phone simply by knowing the phone number...unquote.

    Blackberry has security flaws as well. Google is your friend,
    search: "Nokia security flaws", and "Blackberry security
    flaws".

    Truly, I'm not apologizing for the iPhone flaw, however
    before one gets their bobs in a wad be aware other
    phone vendors have their security issues as well.
    BubbaJones_
    • Although I agree mostly...

      Three taps and you're in?

      Come on. That's pathetically easy. Passwords are supposed to offer at least a little resistance.
      laura.b
    • You are correct, but a little off the mark

      I completely agree that if someone is complaining about flaws in the iphone, based on the notion that similar products do not have some similar type flaws, they are wasting their breath.

      I think the point is here is that the iphone is essentially a newer product then the others in an already well established product type. Apple didn't have to reinvent the cell phone here; they simply had to improve upon what was already available. One would hope that the improvements would come by way of avoiding serious glitches and eliminating at least one or two of the kinds of security flaws that were made evident in other similar products.

      Further, it was not like the iphone was promoted as some poor mans cheap answer to the cell phone, far from it. The iphone was hyped to the max and promoted as the next best thing you could own. That pretty much implies security shouldn't be an issue. The idea that "new" products will always, and almost forgivably, have some very rough glitch's is wearing a little thin. I didn't see too many people out there who thought the glitches in Vista were forgivable.

      Minor glitch's, those weird little annoyances that creep up that nobody would expect are understandable. When coming out with a new product that is a completely new thing, usually doing an entirely new piece of work, then sure, even some significant glitch's are to be expected but you might find that acceptable if the product is generally doing the "new work" as advertised.

      The iphone is essentially still a cell phone, being sold as a new and improved replacement for many of our current standards like the Blackberry. One does have to expect in these kind of cases that the new improved replacement will not just be new improved eye candy, but instead looks toward being a better functioning unit, and in the case of a cell phone even better security.
      Cayble
    • All other phones are perfect. Only iPhone is bad.

      And expensive.

      And it hasn't set a new standard by which all other phones
      are going to be judged.

      And there aren't roughly 8 million delighted customers in
      less than 10 months of it being on the market (no phone
      in history has been so successful, last I checked).

      And it doesn't do oral sex. Oh, wait, I guess it didn't
      promise that but that's still no reason not to complain
      about it.
      mlindl
  • Workaround

    Change your home button to go to the home screen on a double-
    press.

    Credit to http://talkback.zdnet.com/5208-12691-0.html?
    forumID=1&threadID=51279&messageID=963472&start=0
    frgough
  • RE: Major security hole found in iPhone

    Physical security. This is not a problem for those of us who
    do not leave our iPhones lying around. As with a computer,
    if you have lost physical security, you have lost it all.
    chadpengar
    • Sure...

      Because no one ever leaves their phone on their desk at work while they run to the restroom, nor do they leave it in their bag at the gym/pool. Students don't leave them in their lockers, or in the locker room during practices. People on sets and stages don't leave their things in the dressing room, either. We pack those things around with us, no matter if it is completely inappropriate, inconvenient, damaging, or not allowed. No such instances exist. In addition, no one ever gets confidential or critical emails. So this is clearly no big deal. It is also clear that someone who steals the phone, and has to get it all the way back to their place to start cracking into it, basically playing beat-the-clock while I call AT&T and have them remotely wipe the phone, thus securing my data, is of much greater concern than a password that doesn't lock sh!t, therefore leaving your data out there for any idiot to collect in a matter of 1.5 seconds. I'm also cool with my husband, brother, mother, father, friends, etc, having the ability to peruse information that may be private, even if it's not sensitive, but it doesn't matter because only a real dummy would leave their phone lying around in my own house.

      On a related note, I've been considering soldering my phone to my hand, since I like so many others have never put it down.

      /sarcasm


      All sarcasm aside (and seriously, I was just kidding), this does seem to be an issue of sheer simplicity, which will guarantee make more than one enterprise step back and question what other incredibly easy tasks have been screwed up. It could be a major problem for businesses...but I don't see it being nearly so big a problem for consumers.

      But that doesn't mean that they shouldn't be embarassed of how easy they made it.
      laura.b
  • iHole

    I expect to see many more such glaring bugs and issues with i products of all kinds in the coming months.
    iJim
    • Realy?

      Why? Are you just singling out 'i' products or all new products? Does this make you feel better about yourself?

      Perhaps you only use "ultra-innovative", "ultra-secure", ultra-reliable" products that have no faults? What products would those be? What OS do they run? WinCE? WinMobile? WinXP? Vista?

      I'd LOVE to see a list of these awesome products. Please share them with us. But be careful. Make sure you thoroughly research the security history of each and note how long it took each to mature into the super-robust, solid, shining examples you're imagining.
      NtroP
  • Good ideal

    But, no offense, were paying good money for a working phone, not one needing a work around.

    Apple should just fix it, or better yet, just quit rushing things to market to catch the hype.
    John Zern