Glitch in Apple's iOS 4.1 allows iPhone access without passcode
As detailed by Engadget, the glitch can be accomplished on any model locked iPhone running iOS 4.1. Users can access the handset's phone application by dialing a random number from the "Emergency Call" button on the iPhone lock screen, and quickly pressing the lock button after dialing that call.
Upon pressing the hardware lock button atop the iPhone, a user can then access the call history, voicemail and address book on the phone. The glitch works on the iPhone 3G, iPhone 3GS and iPhone 4.
Once in the phone application, neither the lock or home buttons work, and the handset can only be returned to the lock screen by attempting to place a call. However, users can also hold down the home button to access voice control and play music from the iPod application.
Selecting "share contact" and then choosing the camera icon also allows users to view the photo album on the iPhone without having properly unlocked the device with the secure passcode.
The report noted that the glitch is also functional in early beta builds of iOS 4.2. Apple's forthcoming software update for the iPhone, iPod touch and iPad is set for release sometime in November.
46 Comments
Tried it last night on the wife's phone, works perfect. It is not full access but you can make calls, look at the address book and some other stuff. Tried it on my 3G 3.1.3 Jailbroken iPhone and it does not work.
Wow, that's specific, makes me wonder if Microsoft or Google don't have bunch of guys working 24-hours a day trying to find weird little quirks like this. Let the conspiracy theories begin!
This bug doesn't concern me to much, if someone takes my phone & is dumb enough to try & then use it, great! I can find them on GPS as long as the phone is turned on!
I’d think that after the last such glitch and their focus on security on the iPhone in general that they’d have put a little more attention into the Emergency Call option of the Lock Screen.
Looks like 4.1.1 is coming this week! Prepare for +500MB update.
As someone who keeps his phone locked, this is disturbing -- particularly after my wife lost her phone in a restaurant. I love the remote-wipe ability, but it only works when the phone is on the network -- hers never seemed to come back online.
At the risk of turning this into an iPhone wish list, there are some other things I'd like to see "fixed":
ICE: It would be fantastic if emergency response personnel could access the ICE (In Case of Emergency) number in the address book without needing the phone's unlock code. Apple could add a button to the unlock screen that displays the ICE record (and only that record) from the address book. Just providing a "Dial ICE" button wouldn't work because there's no guarantee the iPhone will be able to make a cell connection.
EMAIL RINGTONES: I would love to assign a custom ringtone to my boss's email address so I never miss his emails. I get a few hundred emails a day, and would love to not have to pick up and unlock my phone to check emails every 2 minutes.
EMAIL PROFILES: I know this is a geeky Enterprise thing with a limited prospective user base, but I have to ask...I'd like to be able to set up schedule-based ringtone profiles. For example, between 12am and 5am I don't want to hear my email chirp unless it's A) my boss or B) high-important messages or messages from select email accounts. Yes, the schedule is important -- it's annoying having to turn email sounds of and on twice a day, and when I forget to turn them back on I can miss real emergencies.