iPhone passcode lock bypass vulnerability (again)

Summary: An iPhone user has found a trivial way to bypass the four-digit passcode lock on fully patched iPhone (iOS 4.1) devices.

The vulnerability was posted to the MacRumors forum by a New Zealand iPhone user who figured out a sequence of key taps that rendered the passcode useless.

When your iPhone is locked with a passcode, tap Emergency Call, then enter a non-emergency number such as ###. Next, tap the call button and immediately hit the lock button. It should open up the Phone app where you can see all your contacts, call any number, etc.

I tested this on my fully patched iPhone and can confirm that it works as advertised.

This isn't the first time the iPhone passcode was disabled by a few key strokes.


Talkback

29 comments
  • And in other news: dog bites man

    Apple is utterly incapable of writing secure software. At least this one isn't as bad as when Apple programmed the iPhone to lie to Exchange servers about its encryption capabilities.
    NonZealot
    • Your screen name is a joke

      @SuperZealot - Tons of tech articles on this website I read daily, you're nowhere to be found. No comments. Every negative Apple article - you're the first one to reply. You sir, are DEFINITELY on the Microsoft payroll!
      I12BPhil
      • RE: iPhone passcode lock bypass vulnerability (again)

        @I12BPhil
        I don't think NonZ man exists. I think the ZDnet writers use this name to get the comment wars started. Why can't you find him in all your reading and why is he the first comment so often?
        Serton
    • But yet you insist on buying their products...

      @NonZealot... When reading your posts, I can't help but to laugh.
      Snooki_smoosh_smoosh
    • And the ZEALOTS Come Marching in Again... hurrah... hurrah haha..

      @NonZealot I love reading your posts first thing. Always brightens my day to see the true zealots show their true colors. But you know? They'll defend iCrApple to the death, even when it fails! ..... but hey it's so..... secure that it will allow everyone else in except the owner! haha... :P Thanks NON-zealot! ....oh darn one of 'em flagged your comment for the 50 Millionth time and still nothing happens. It's like the kid crying fire all the fire, so nobody believes him after awhile! lol....
      i2fun@...
    • RE: iPhone passcode lock bypass vulnerability (again)

      @NonZealot
      Those are some really bad-ass programmers, they can make plastic and semi-conductors lie! How do you know the Exchange server isn't lying to the phone? Maybe your computer is lying to you! Maybe I'm lying. You better be careful, there are some pretty good liars out there in the world.
      Serton
  • Hey!

    It's not as bad as the exploding Pinto!
    ;-)
    kd5auq
  • RE: iPhone passcode lock bypass vulnerability (again)

    Well then, here comes 4.1.1 any day now to fix this.

    Scratch that - 4.1.1 will kill the current jailbreak vulnerability while this security hole will likely remain unpatched until 4.1.2 or 4.2.

    Meanwhile, I expect somebody like @chpwn or @comex will release a fix on Cydia long before Apple gets around to fixing it.
    PepperdotNet
  • Just the Phone app

    The article doesn't mention it, but this just gives you access to the Phone app, nothing else on the phone, and if you're that worried about it then turn off the ability to make Emergency Calls from the lock screen.

    Definitely a serious bug, however, and Apple needs to get their act together with testing the security of that lock page (as well as the rest of iOS)...it's been bugged way too many times.
    RealNonZealot
    • Unlocks but you still can't call.

      @RealNonZealot I tried it and the phone unlocked to the phone app. Then I tried to dial a number. The number was accepted, but the call would not go out. I kept getting the "emergency call only" message. iPhone 3gs, IOS 4.10.
      jimgoda@...
      • RE: iPhone passcode lock bypass vulnerability (again)

        @jimgoda@... Works on my 3GS. Could get through to contacts and dial any of the numbers in the contacts list
        Liftnbuddy
    • RE: iPhone passcode lock bypass vulnerability (again)

      @RealNonZealot : There is not an option to turn off Emergency Calling
      JeffreyD26
  • RE: iPhone passcode lock bypass vulnerability (again)

    Now the world's going to know because ZDNet has just published it. Tomorrow's article will be about my pin number to my VISA right after I email it to them? NOT!!!
    andjoh
    • PIN Number

      @andjoh
      let me guess...it's 12345.
      voyager529
      • RE: iPhone passcode lock bypass vulnerability (again)

        @voyager529
        That's the same as my luggage!
        knechod
      • RE: iPhone passcode lock bypass vulnerability (again)

        @knechod

        Spaceballs!!!!
        PollyProteus
      • All iCrAppleholics use 12345 silly! :O

        @voyager529 haha..... it's the only thing they can remembers! :D
        i2fun@...
  • RE: iPhone passcode lock bypass vulnerability (again)

    Took a while to get it to work, but I can confirm that it does unlock your contact list and allow you to make phone calls. The rest of the phone and apps remain locked. Pretty bad bug for people who leave their phones laying around.
    slahr
  • Doesn't seem to work for me

    I have a 3GS. Can't seem to get it past the lock screen and it tells me that it's only good for emergency calls. Anything else I try sends me back to the security code screen. Perhaps it's only a problem on iPhone 4?
    Zem Black
    • RE: iPhone passcode lock bypass vulnerability (again)

      @Zem Black
      Works on my 3GS, I just tried it and was able to call my land line without any problems. I'm running 4.1
      Evldude