iOS 5.0.1 bug gives the bad guys access to contacts, make calls and FaceTime

Summary: Requires a hacker with a lot of patience.

TOPICS: Mobile OS, Apple

A bug has been discovered in Apple's iOS 5.0.1 that can allow a bad guy with a lot of time on their hands to access contacts, make calls and even use FaceTime on a password-protected iPhone.

The bug, which seems to have been first brought to light by iPhoneIslam.com, requires physical access to the handset, and is very involved. The process seems to involve confusing the handset after a missed call by either ejecting and reinserting the SIM card repeatedly or by being somewhere with no network coverage while trying to access the missed call.

Here's a video of the bypass in action ... I warn you though, it's not all that interesting! Skip to around 2:40 after the introduction to see the hack in action.

This bypass works on the iPhone 4S, iPhone 4 and iPhone 3GS.

I don't see this as being that much of a big deal, but it's certainly a bug and certainly requires fixing. I'm going to assume it will be fixed in iOS 5.1 or shortly afterwards.

Do you know where YOUR iPhone is?

Talkback

20 comments
  • RE: iOS 5.0.1 bug gives the bad guys access to contacts, make calls and FaceTime

    So was the phone actually locked? In the beginning we see the pin screen and then the pin is entered (0000). I seem to recall that at least 1 minute has to pass between power up cycles before the phone will require the pin code be entered again. That being the case, this demo actually demonstrates a really hard way to look at the contacts, make phone calls, and use FaceTime on an unlocked phone.

    I am not saying this does not work with a locked phone, just that the video fails to prove that this exploit works with a locked phone.
    YaBaby
    • RE: iOS 5.0.1 bug gives the bad guys access to contacts, make calls and FaceTime

      @YaBaby

      yes it works....
      danjames2012
      • RE: iOS 5.0.1 bug gives the bad guys access to contacts, make calls and FaceTime

        @danjames2012,

        If you say so, but the level of evidence you provided is even less than that in the video.
        YaBaby
    • RE: iOS 5.0.1 bug gives the bad guys access to contacts, make calls and FaceTime

      @YaBaby Essentially it's a "race condition" in the code, get it at just the right moment and you get into the phone app - and that's where he shows the phone. As soon as you exit that you're back at the lock screen.

      It's a bug. Pure and simple.
      jeremychappell
      • RE: iOS 5.0.1 bug gives the bad guys access to contacts, make calls and FaceTime

        @jeremychappell, agreed it is a bug. However, if the phone was actually locked then in the video all those "missed attempts" would have ended with the lock screen coming up. The fact that the lock screen did not come up proves this bug exhibits itself on an unlocked phone. While the hack may in fact work with a properly locked phone, I am still waiting to see a video of someone actually demonstrating that. My point stands, the video does not demonstrate "winning the race" against the lock screen.
        YaBaby
  • Show of Hands

    OK. So who the hell locks their phone, anyhow?
    Dan Robinson
    • RE: Show of Hands

      @Dan Robinson - Me, for one. I want to protect my corporate email and all of my friends, whose contact information is stored on my iPhone. Don't you? If not, why not?
      davesuff
  • RE: iOS 5.0.1 bug gives the bad guys access to contacts, make calls and FaceTime

    It is a big deal if somebody steals the phone and can get in before the owner realizes it is gone.
    slickjim
  • And am I surprised?

    Typical Apple.
    Gisabun
    • RE: iOS 5.0.1 bug gives the bad guys access to contacts, make calls and FaceTime

      @Gisabun Did you note that the hacker [i]has to have physical access[/i] to the device? (emphasis mine) In other words in this situation the iPhone is just as vulnerable as any other phone... But I guess you missed the part of the article that reads: [b]The bug, which seems to have been first brought to light by iPhoneIslam.com, requires physical access to the handset, and is very involved.[/b]

      Why are you in such a hurry to slam Apple? Try reading the article first.
      athynz
      • RE: iOS 5.0.1 bug gives the bad guys access to contacts, make calls and FaceTime

        @Pete "athynz" Athens
        wrong Pete
        other phones do not allow a way of bypassing the password lock to access the phone in any way. Being able to bypass the password just gives someone incentive to steal it or even to temporarily use it to obtain contact information.
        This is a security flaw and Apple is fully responsible.
        warboat
      • RE: iOS 5.0.1 bug gives the bad guys access to contacts, make calls and FaceTime

        @warboat

        If you have physical access to the device, you can access anything on it. plain simple. Works for ANY device.

        How do you know about other phones not allowing such behavior? Did you give the other device to a sufficiently skilled expert to verify your claim? ;-)
        danbi
      • RE: iOS 5.0.1 bug gives the bad guys access to contacts, make calls and FaceTime

        @warboat Nonsense, this kind of bug is not at all uncommon (they get fixed, but they do happen). Seen similar bugs in other phones/computers/devices.

        It actually reminds me a little of how the camera works (feature not bug) in iOS where you can use the camera without needing to unlock the phone, and as soon as you quit the camera app you're back at the lock screen. That is a feature, this is a bug that accidentally exposes similar functionality - but worse as the phone app has access to the contacts database.

        Of course to exploit this you need to know the phone number of the phone as well as physical access to the phone, and this has to happen before the phone is remotely wiped. Still very doable.
        jeremychappell
      • RE: iOS 5.0.1 bug gives the bad guys access to contacts, make calls and FaceTime

        @warboat Reread what I wrote - especially the part that reads: "Did you note that the hacker has to have physical access to the device? (emphasis mine) In other words in this situation the iPhone is just as vulnerable as any other phone..."

        I never said that a hacker had to use a password vulnerability for each device - the fact that a hacker has physical access to a device is enough for that hacker to bypass whatever protective means are in place and access the device.

        In other words ANY device can be broken if a hacker has physical access to it. Does that clear up my point for you?
        athynz
      • Why are you always in such a hurry to leap to Apple's defense?

        And let's see proof of your comment that any phone can be hacked if the bad guy has it in his hands.
        Sounds like another "fact" based on bloggers' and responders' offhand comments.
        radleym
  • RE: iOS 5.0.1 bug gives the bad guys access to contacts, make calls and FaceTime

    On a related note, maybe this is why the patent office gave Apple a patent for an otherwise obvious and non-unique functionality (the "Slide to Unlock" patent fiasco). I was wrong- I thought that Apple had been given a patent for an overtly obvious, non-unique functionality. In reality, they got the patent because the result ended up giving free access, rather than protecting the phone. I guess in reality, it was unique. Nobody else fails to protect your asset by placing an obstacle in the way of the legitimate owner, but not for the thief.
    davesuff
    • RE: iOS 5.0.1 bug gives the bad guys access to contacts, make calls and FaceTime

      @davesuff I've seen similar access problems with phones (one case involving 911 calling was the way in). Things aren't always as perfect as you seem to think.
      jeremychappell
  • So what other iOS devices are vulnerable?

    I'm guessing that the CDMA iPhone 4 and 4S, the CDMA and WiFi iPad and iPad 2, and the iTouch probably aren't, since there's no SIM card.
    Champ_Kind
    • RE: iOS 5.0.1 bug gives the bad guys access to contacts, make calls and FaceTime

      @Champ_Kind It looks like you could pull a similar trick with a CDMA iPhone by blocking the signal (pain to do - but...). The iPad would be invulnerable to this as it doesn't have calling (though maybe FaceTime could cause a problem - but it seems more unlikely).
      jeremychappell
  • RE: iOS 5.0.1 bug gives the bad guys access to contacts, make calls and FaceTime

    This hack seems to affect the SIM card which the Verizon iPhone or iPad doesn't have so I don't know or think this hack will work on these models.
    phatkat