No operating system is completely secure, and it appears Apple’s iOS 4.1 is not about to become an exception. A fairly significant security flaw is being reported that allows anyone to bypass the iPhone’s security-protected lockscreen and gain access to the phone app, text messaging, and even look through stored phots. Access to the phone app means it’s possible to make calls, view call history, and look through stored contacts. It’s not the first time the iPhone has had this sort of security issue exposed.
The iPhone’s “passcode lock” feature is designed to prevent anyone from accessing the device without first entering a predetermined passcode. It now looks like key features are accessible to anyone with physical access to an iPhone running the latest firmware – a very frightening thought during a time of year that’s spooky enough already.
The flaw is exposed like this: from the passcode screen select the “emergency call” button, enter a few random numbers, then hit the green call button while simultaneously hitting the “sleep button.” That should immediately bring up the phone app where it becomes possible to make calls and browse through contacts. From there it’s possible to access a phone’s photos by going to the contact list and selecting “share contact” and then “MMS” and then the selecting the camera icon. Accessing and sending text messages is just as easy.
While we only tested for the flaw on a 3GS, it’s been reported that 3Gs and iPhone 4s are vulnerable as well. Apple has yet to comment on the flaw, but we suspect it won’t be long until the issue is addressed in a new firmware upgrade.