ie8 fix
madison

Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev
Home / News & Blogs / Zero Day

iPhone passcode lock bypass vulnerability (again)

By | October 26, 2010, 8:46am PDT

Summary: An iPhone user has found a trivial way to bypass the four-digit passcode lock on fully patched iPhone (iOS 4.1) devices.

An iPhone user has found a trivial way to bypass the four-digit passcode lock on fully patched iPhone (iOS 4.1) devices.

The vulnerability was posted to MacRumors forum by a New Zealand iPhone user who figured out a sequence of key taps that rendered the passcode useless.

When you iPhone is locked with a passcode tap Emergency Call, then enter a non-emergency number such as ###. Next tap the call button and immediately hit the lock button. It should open up the Phone app where you can see all your contacts, call any number, etc.

I tested this on my fully patched iPhone and can confirm that it works as advertised.

This isn’t the first time the iPhone passcode was disabled by a few key strokes.

ALSO SEE:

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Apple iPhone, Vulnerability, iPhone User, Smart Phones, Consumer Electronics, Personal Technology, Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a member of the global research and analysis team. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?
Ask a Question Start a Discussion
38
Comments
Add Your Opinion

Join the conversation!

Just In

RE: iPhone passcode lock bypass vulnerability (again)
FAULKNE 13th Oct
Good day to confirm this comment I would appreciate T h e b e s t o f Z D N e t d e l i v e r e d your website very nice to everyone Yes, Oracle is the only one with shared-disk architecture, but that is there advantage. It means you can add or remove nodes and the database lives on. In a shared nothing architecture, if you lose a node, you lose the system. I'm sure Oracle appreciates EMC highlighting their advantage.I also desire to signal in your RSS feeds. Thank you as soon as once again and maintain up the great operate Awesome post! Thank you very much || thanks for nice content this is really benefit to me.
View in thread
0 Votes
+ -
And in other news: dog bites man
NonZealot 26th Oct 2010
Apple is utterly incapable to writing secure software. At least this one isn't as bad as when Apple programmed the iPhone to lie to Exchange servers about its encryption capabilities.
0 Votes
+ -
Your screen name is a joke
I12BPhil 26th Oct 2010
@SuperZealot - Tons of tech articles on this website I read daily, you're nowhere to be found. No comments. Every negative Apple article - you're the first one to reply. You sir, are DEFINITELY on the Microsoft payroll!
0 Votes
+ -
RE: iPhone passcode lock bypass vulnerability (again)
Serton 27th Oct 2010
@I12BPhil
I don't think NonZ man exists. I think the ZDnet writers use this name to get the comment wars started. Why can't you find him in all your reading and why is he the first comment so often?
0 Votes
+ -
But yet you insist on buying their products...
Snooki_smoosh_smoosh 26th Oct 2010
@NonZealot... When reading your posts, I can't help but to laugh.
0 Votes
+ -
And the ZEALOTS Come Marching in Again... hurrah... hurrah haha..
i2fun@... 26th Oct 2010
@NonZealot I love reading reading your posts first thing. Always brightens my day to see the true zealots show their true colors. But you know? They'll defend iCrApple to the death, even when it fails! ..... but hey it's so..... secure that it will allow everyone else in except the owner! haha... :P Thanks NON-zealot! ....oh darn one of 'em flagged your comment for the 50 Millionth time and still nothing happens. It's like the kid crying fire all the fire, so nobody believes him after awhile! lol....
0 Votes
+ -
RE: iPhone passcode lock bypass vulnerability (again)
Serton 27th Oct 2010
@NonZealot
Those are some really bad-ass programmers, they can make plastic and semi-conductors lie! How do you know the Exchange server isn't lying to the phone? Maybe your computer is lying to you! Maybe I'm lying. You better be careful, there are some pretty good liars out there in the world.
0 Votes
+ -
RE: iPhone passcode lock bypass vulnerability (again)
lovedong Updated - 12th Sep
great!thank u for sharing^^ replica watches
0 Votes
+ -
Hey!
kd5auq 26th Oct 2010
It's not as bad as the exploding Pinto!
wink
0 Votes
+ -
RE: iPhone passcode lock bypass vulnerability (again)
PepperdotNet 26th Oct 2010
Well then, here comes 4.1.1 any day now to fix this.

Scratch that - 4.1.1 will kill the current jailbreak vulnerability while this security hole will likely remain unpatched until 4.1.2 or 4.2.

Meanwhile, I expect somebody like @chpwn or @comex will release a fix on Cydia long before Apple gets around to fixing it.
0 Votes
+ -
Just the Phone app
RealNonZealot 26th Oct 2010
The article doesn't mention it, but this just gives you access to the Phone app, nothing else on the phone, and if you're that worried about it then turn off the ability to make Emergency Calls from the lock screen.

Definitely a serious bug, however, and Apple needs to get their act together with testing the security of that lock page (as well as the rest of iOS)...it's been bugged way too many times.
0 Votes
+ -
Unlocks but you still can't call.
jimgoda@... 26th Oct 2010
@RealNonZealot I yried it and the phone unlocked to the phone app. Then I tried to dial a number. The number was accepted, but the call would not go out. I kept getting trhe "emergency call only" message. iPhone 3gs, IOS 4.10.
0 Votes
+ -
RE: iPhone passcode lock bypass vulnerability (again)
Liftnbuddy 31st Oct 2010
@jimgoda@... Works on mine 3GS. Could get through to contacts and dial any of the numbers in the contacts list
0 Votes
+ -
RE: iPhone passcode lock bypass vulnerability (again)
JeffreyD26 26th Oct 2010
@RealNonZealot : There is not an option to turn off Emergency Calling
0 Votes
+ -
RE: iPhone passcode lock bypass vulnerability (again)
andjoh 26th Oct 2010
Now the worlds going to know because ZDNet has just published it. Tomorrows article will be about my pin number to my VISA right after I email it to them? NOT!!!
0 Votes
+ -
PIN Number
voyager529 26th Oct 2010
@andjoh
let me guess...it's 12345.
0 Votes
+ -
RE: iPhone passcode lock bypass vulnerability (again)
knechod 26th Oct 2010
@voyager529
That's the same as my luggage!
0 Votes
+ -
RE: iPhone passcode lock bypass vulnerability (again)
PollyProteus 26th Oct 2010
@knechod

Spaceballs!!!!
0 Votes
+ -
All iCrAppleholics use 12345 silly!
i2fun@... 26th Oct 2010
@voyager529 haha..... it's the only thing they can remembers! grin
0 Votes
+ -
RE: iPhone passcode lock bypass vulnerability (again)
slahr 26th Oct 2010
Took a while to get it to work, but I can confirm that it does unlock your contact list and allow you to make phone calls. The rest of the phone and apps remain locked. Pretty bad bug for people who leave their phones laying around.
0 Votes
+ -
Doesn't seem to work for me
Zem Black 26th Oct 2010
I have a 3GS. Can't seem to get it passed the lock screen and it tells me that it's only good for emergency calls. Anything else I try sends me back to the security code screen. Perhaps it's only a problem on iPhone 4?
0 Votes
+ -
RE: iPhone passcode lock bypass vulnerability (again)
Evldude 26th Oct 2010
@Zem Black
Works on my 3GS, I just tried it and was able to call my land line without any problems. I'm running 4.1
0 Votes
+ -
RE: iPhone passcode lock bypass vulnerability (again)
Zem Black 26th Oct 2010
@Evldude
Hmmm. Well, now I feel like an idiot. Still can't get it to work. I enter a number, press call, and almost instantaneously it tells me that it's only for emergency calls. I don't have a "lock" button, but I'm also not using a 4 digit code.
0 Votes
+ -
RE: iPhone passcode lock bypass vulnerability (again)
rhonin 26th Oct 2010
@Zem Black
JFTHOI I put my sim back into my 3GS on 4.1
Using an 8 character pin lock (3GS + Exchange Server)) and it works.
Can also make calls....
I can also access my photo's via my contacts.
Hmmmmmm....
0 Votes
+ -
RE: iPhone passcode lock bypass vulnerability (again)
RStewart@... Updated - 26th Oct 2010
I've tried on the 3G model and cant get this bypass to work. Like others reporting on the post I get the "emergency calls only" and returned to the screen.. will keep tinkering with it..
0 Votes
+ -
RE: iPhone passcode lock bypass vulnerability (again)
GTGeek88 26th Oct 2010
This does not work on my 3GS with iOS 4.1. Since some people got it to work and some didn't, it would appear that there are some conditions that cause the security to fail. This article shows an iPhone 3G (or GS), but doesn't really say what phone they tried it on. Are other apps running? I the Phone app already running? Who knows? We need more details . . .
0 Votes
+ -
Still doesn't work for me
jimgoda@... 26th Oct 2010
Since my 1st comment, I've tried many more times. Still can;t place a call. I'm feeling like this is a scam?
0 Votes
+ -
RE: iPhone passcode lock bypass vulnerability (again)
lelandhendrix@... 26th Oct 2010
@jimgoda@... I can't make it work either.
0 Votes
+ -
RE: iPhone passcode lock bypass vulnerability (again)
jm001 27th Oct 2010
I tried it and yes you can make calls on the iPhone 4. You can also add a contact, edit contacts, edit favorites, clear recents and check voicemail. You can't facetime NOR can you get out of the contact screen and access the other apps. Once your call is done it kicks you back into the pass code screen. It's a security bug all right, but this is only if someone gets access to your iPhone. Don't lose your phone or leave it lying around unattended in public. If you have a habit of leaving it lying around in public you shouldn't own one. That goes for any cell phone.
0 Votes
+ -
RE: iPhone passcode lock bypass vulnerability (again)
Pete "athynz" Athens 28th Oct 2010
I've tried it several times with my iPhone 3G running iOS 4.1 and every single time it tells me that it's for emergency calls only and takes me back to the login screen. Perhaps this is an iPhone 4 only issue?
0 Votes
+ -
RE: iPhone passcode lock bypass vulnerability (again)
jfreedle2@... 6th Nov 2010
You have to love Apple's total lack of quality and security. One of these days people will realize that Apple does not produce quality products.
0 Votes
+ -
RE: iPhone passcode lock bypass vulnerability (again)
MACKENZI 11th Sep
I also desire to signal in your RSS feeds. Thank you as soon as once again and maintain up the great operate! nccma cooler
0 Votes
+ -
RE: iPhone passcode lock bypass vulnerability (again)
PEARLINEI 12th Sep
I used to be more than happy to seek out this internet-site.I wanted to thanks in your time for this glorious read!! I positively enjoying each little bit of it and I have you bookmarked to check out new stuff you weblog post. this thread is amazing i like your work and i appreciate you that you have share a useful stuff thanks for sharing the i shop abatwa
0 Votes
+ -
RE: iPhone passcode lock bypass vulnerability (again)
RHIANNONA 13th Sep
I used to be more than happy to seek out this internet-site.I wanted to thanks in your time for this glorious read!! I positively enjoying each little bit of it and I have you bookmarked to check out new stuff you weblog post.Bookmarking now thanks please consider a follow up post. power sa shop
0 Votes
+ -
RE: iPhone passcode lock bypass vulnerability (again)
SATURNINA 14th Sep
I think the representation of this article is actually superb one. This is my first visit to your site. Thanks a lot and keep sharing the information. Keep updating the information for all of us. Thanks ZDNet Government was launched as the brand's first industry vertical, with a mission to cater to IT professionals in the public secto I agree with your post. However, do you have any sources I can cite for my paper wheel car com bury
0 Votes
+ -
RE: iPhone passcode lock bypass vulnerability (again)
TOCCAR 25th Sep
Well welcome, hopefully you can become a vital member of the community and really help to push far ahead of google. Which Im sure the development team would love. This will of course earn you alot points too and get you on the leaders board. z d n e t t h a n k Im not sure i come to an agreement with you on every level, howevor it absolutely was a good posting, many thanks for taking the time to put up your ideas.
0 Votes
+ -
RE: iPhone passcode lock bypass vulnerability (again)
MCKNIGH 26th Sep
Thanks nice info z d n e t I really liked your current article write more..let me add you to its favorite The articles you have on zdnet s i t e are always so enjoyable to read. Good work and I bookmarked it.
0 Votes
+ -
RE: iPhone passcode lock bypass vulnerability (again)
MEJIAHA 30th Sep
Fantastic news about the new release.I positively enjoying each little bit of it and I have you b o o k m a r k e d to check out new stuff you weblog post.Im not sure i come to an agreement with you on every level, howevor it absolutely was a good posting, many thanks for taking the time to put up your ideas
0 Votes
+ -
RE: iPhone passcode lock bypass vulnerability (again)
FAULKNE 13th Oct
Good day to confirm this comment I would appreciate T h e b e s t o f Z D N e t d e l i v e r e d your website very nice to everyone Yes, Oracle is the only one with shared-disk architecture, but that is there advantage. It means you can add or remove nodes and the database lives on. In a shared nothing architecture, if you lose a node, you lose the system. I'm sure Oracle appreciates EMC highlighting their advantage.I also desire to signal in your RSS feeds. Thank you as soon as once again and maintain up the great operate Awesome post! Thank you very much || thanks for nice content this is really benefit to me.

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix