Daily cyber threats and internet security news: network security, online safety and latest security alerts
August 28th, 2008

Simple Method Allows iPhone Passcode Lock To Be Bypassed

According to ZDNet, the feature which lets users set a four-digit pincode to limit access to the device, can be easily bypassed with a few finger taps on the iPhone to give an intruder access to sensitive information.

Here are the steps to exploit this vulnerability (requires physical access to a passcode-protected device) to access the phone, e-mail and SMS messages, Google Maps and the full Safari browser:

Set up a passcode lock (Settings > General > Passcode Lock and enter a 4-digit passcode. iPhone then requires you to enter the passcode to unlock it).

Set up contacts in address book with e-mail address, phone numbers and Web sites.

Turn off/on iPhone and move slider to get to “Enter Passcode” screen.

Tap “Emergency Call” button (buttom left).

Double tap home button.

This pulls up all contacts in the Favorites list.

Tap on the blue arrow next to contact’s name to get full access to e-mail, SMS, Safari, etc.

This particular vulnerability was fixed by Apple for iPhone v1.1.3 and iPod touch v1.1.3 back in January this year, but the issue affects iPhone and iPod Touch 2.0, which means the January fix never made it into the newer versions of the software.

As a workaround, users should remove all Favorites until Apple ships a proper fix. Another method would be setting your home button “Settings->General->Home Button” to “Home”.

Share this item with others:

More on CyberInsecure:
  • 12 Security Vulnerabilities Fixed In Apple iPhone OS 2.2 Update
  • iPhone 2.0 Unlocked Before The Release
  • SpyPhone iPhone App Can Silently Harvest And Email Personal Data
  • iPhone Feature Discovered By Hacker Allows Apple To Remotely Disable Unwanted Apps
  • Basic Flaws Allow Phishing And Spamming Vulnerabilities In iPhone

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Simple Method Allows iPhone Passcode Lock To Be Bypassed

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.