Serious Security Flaw Discovered in iPhone Firmware 2.0.2; Temp Fix Available; Permanent Fix On Its Way [Updated]

BY Jason

Published 27 Aug 2008

Gizmodo is reporting that a member of Mac Rumors forums has discovered a major security flaw in the iPhone firmware 2.0.2 that allows someone to access your data and certain iPhone apps even when you have the passcode lock feature turned on.

Find out more about the security flaw and a workaround to avoid it after the jump.

To replicate the security flaw, follow these instructions:

  • Password Protect your iPhone and lock it.
  • Then Slide to Unlock the iPhone, tap Emergency Call button on the screen where you get an option to enter the passcode and then double tap the home button.
  • If you have not set the home button settings to something else as described in the iPhone tip here, then double tapping the home button takes you to Favorites.

If you thought this was a feature, think again, remember you have not entered the passcode which means that if someone happened to pick up your phone can get access to your Favorites (without knowing the passcode).

It also gives someone access to your address book, the dial keypad, voice mail and by tapping on the blue arrows can get access to the private information of any of the contact entries in Favorites.

Here is where where this flaw becomes a major concern:

Someone can then click on the mail address of the contact to get access to your iPhone’s mail application thus exposing all your emails. Clicking on a URL in your contact gives someone access to iPhone’s Safari browser. Someone can also send text messages to any of the contacts in your address book.

If this has got you worried then here is a simple workaround to fix this security flaw:

1. In the iPhone home, go to Settings.
2. Click on General.
3. Click on Home Button.
4. Click on either "Home" or "iPod".

This way, the double-click on the home button will take the user back
to the unlock screen (if you use "Home") or the iPod screen. Its
recommended to use "Home".

This means that you will lose the ability to quickly access your
favorites for a quick call but
I am sure you will agree that its better than having all your private mails, contacts, and SMS
database exposed.

Mac Rumors is reporting that Apple is already aware of this flaw and a fix is on its way.

"This security flaw was already reported to Apple earlier this month
and has been acknowledged as an issue. A fix will presumably be
included in a future firmware update this security flaw was already
reported to Apple earlier this month and has been acknowledged as an
issue. A fix will presumably be included in a future firmware update."

This security flaw applies to all those who are using iPhone’s passcode lock functionality (Settings -> General -> Passcode Lock) and have updated their iPhone with the latest firmware v2.0.2 which was released by Apple last week.

Update (Aug 28, 2008):

Apple representative, Jennifer Bowcock, said in an email to Macworld:

“The minor iPhone security issue which surfaced this week is fixed in a software update which will be released in September”.

[via Gizmodo and Mac Rumors]


Top iPhone Hacks Categories:

iPhone Applications
Unlock iPhone
JailBreak iPhone
iPhone Tips & Tricks
iPhone Games
iPhone News 


What next?