Print 30 comment(s) - last by DKantUno.. on Oct 28 at 2:51 PM

Anyone can gain access to call history and other private info on iOS 4.1

Commenters on Mac Rumors forums are reporting that Apple's iOS 4.1, the current software running on the iPhone, contains a security loophole that allows anyone who knows the easy trick to bypass the passcode entry screen and gain access to the Phone app.

Here's how it works: At the passcode entry screen, select "Emergency Call." Input any number, hit "Send" and the phone's sleep button in quick, almost simultaneous, succession. You will now have full access to the Phone app, which includes Contacts, Call History, Voicemail, and the Dialer. If you hit "Share Contact" and the camera button, you will also gain access to the Photos app. Simply hitting "Share Contact" or "Email" will allow you to send an e-mail or MMS, Boy Genius adds (see video). And that's about all you can do.

According to The Unofficial Apple Weblog, the loophole doesn't exist on the beta version of iOS 4.2, so it's possible that Apple is already aware of the problem. TUAW also makes the common sense point that the best way to ensure the security of your iPhone (or any other device that may contain sensitive information) is to prevent anyone from gaining physical access.

Then again, iPhone users may not need to worry about someone happening upon their lascivious text messages in the near future, if Apple does indeed implement its recent patent that prevents "sexting".

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

By Luticus on 10/26/2010 9:22:56 AM , Rating: 1
And this "apple" platform is better... how?

RE: Platform
By JasonMick on 10/26/2010 9:38:13 AM , Rating: 5
And this "apple" platform is better... how?

It is an iPhone. It is the best phone. I can download apps to it. Its 3G and has the Wi-fiz. can i...umm. I want the one with the bigger GBs!

RE: Platform
By Luticus on 10/26/2010 10:12:52 AM , Rating: 3
yup, it's a candy coated walky talky :)~

I almost didn't know how to repy to that. You summed it up pretty nicely there, i guess if i had to add anything it would be: "but it's so pretty", and "it's the new APPLE! All the cool kids will have it! I WANT IT, I WANT IT, NOW!! GEMMIE IT'S MINE!"

yea, maybe that makes the mac people look a bit greedy but hey... who's keeping score right...

RE: Platform
By marvdmartian on 10/26/2010 2:34:30 PM , Rating: 2
some people do keep score that way....

But remember, it's MAGICAL , so it must be okay, right?

RE: Platform
By Luticus on 10/26/2010 4:30:48 PM , Rating: 2
Apple computers... assembled in Loompaland :-)

Now that's funny! :)

Magic... what a joke.

RE: Platform
By Dark Legion on 10/27/2010 1:36:28 AM , Rating: 2
Ooh, someone hasn't seen it yet =D

By Dr of crap on 10/26/2010 8:46:40 AM , Rating: 2
They can prevent sexting, but allow other text messages with pictures?
And the Mars colony will be ready by December!

RE: ????????
By Shatbot on 10/26/2010 9:12:16 AM , Rating: 5
I need to borrow your phone, it's an emergency.

By warisz00r on 10/26/2010 8:59:21 AM , Rating: 4
But... but it was a FEATURE!

RE: lolwut
By bug77 on 10/26/2010 9:19:57 AM , Rating: 2
I'm sure Apple was about to patent a new way to get an overview of your contacts. And pictures.

Wuts the Fuss about?
By R3T4rd on 10/26/2010 8:48:27 AM , Rating: 2
I just don't get wut is all this fuss about. It is supposed to do so because it just works.

Is this...
By Anoxanmore on 10/26/2010 9:08:31 AM , Rating: 2
Another example of Jobs just letting the tip in? ;)

OK - I tred this out!
By kmmatney on 10/26/2010 12:19:33 PM , Rating: 2
I tried this out on my 3GS. I was able to get into the Phone app and can access the list of contacts, but if I try to actually view a contact, the phone exits to the password screen. I can see the voice mail window, but the phone exits to the password screen if I actually try to listen to a voicemail, or do much of anything else. Its pretty tricky to get the button presses right - I fail at it 9 out of 10 times.

Is it really a Security Hole?
By GWD5318 on 10/26/2010 2:30:03 PM , Rating: 2
Although the software might have a glitch, in this case. However, we all know that most of the time the security problem stems from the "hole" holding the device. Especially where Apple products are concerned.

Meanwhile in the real world.....
By Tony Swash on 10/26/10, Rating: 0
This was a good thing.
By SunAngel on 10/26/10, Rating: -1
RE: This was a good thing.
By R3T4rd on 10/26/2010 9:10:06 AM , Rating: 5
I agree with you that this loop hole was good. Most Apple users are too caught up in looking cool and forget thier passcode but can remember thier own 10 digit phone number but can't remember a 5 digit code - case and point, you're exibit "A". But then most Apple owners have a hard time pressing one button let alone two, so the point is moot.

RE: This was a good thing.
By Shatbot on 10/26/2010 9:40:37 AM , Rating: 1
Ah, how published media continues to destroy the world one reader at a time.

When I find some unpublished media I'll let you know, but by then it'll be too late.

RE: This was a good thing.
By The Raven on 10/26/2010 12:58:28 PM , Rating: 2
Why have a passcode at all then? It would be impossible to lock yourself out of it! Now that would be a feature!!!

I wouldn't want a passcode that I could override. What the hell would be the point? If you are afraid of losing the data, then back it up. Or don't forget the password.

If you are someone who doesn't care about security such as yourself, then use President Scroob's combo. Even a Spaceball wouldn't forget that.

This was a good loop hole, but too bad it had to be published to the web.

If it wasn't published to the web then how would it benefit anyone? "If a tree falls..."

So What Here??
By MDGeek on 10/26/10, Rating: -1
RE: So What Here??
By JasonMick on 10/26/2010 10:11:37 AM , Rating: 5

What is the big deal here? What do you expect when you, willingly or erroneously, handover physical custody of your phone to someone else? It’s not like they gained access to the data remotely.

Remember the Android Wall paper App that sent detailed contacts data to China from Millions of unsuspecting Android phone users (July-2010)? That was a SERIOUS SECURITY BLUNDER than accessing call logs locally.
Here is DT's own article on the subject ---(

The spy Wallpaper was downloaded by "between 1.1 million and 4.6 million” .
And despite that, 47 percent of Android apps STILL collects some sort of user information (without their knowledge).

A bit defensive? Perhaps you should do some reading on the concept of password protection.

Most phones are protected by passwords, e.g. the Android OS phones you mention. That way if your phone is lost, you aren't as f*cked, and can rest assured that your personal information is relatively safe from the average crook.

The Android apps in the article you reference DID NOT collect your voice mail passwords or call history. There was an erroneous report in VentureBeat that suggested as such, but this has since been clarified.

And note that Google swiftly issued a statement and removed the offending apps. Here Apple has done nothing and is pretending the problem doesn't exist. That the key difference between Google and Apple. Google's actions at least show it actually cares about protecting its customers, whereas Apple's actions thus far have indicated that it wouldn't give two ish1ts about its customers' security.

But if you're good with inferior products and service hey, no one's stopping you from embracing your beloved insecure, defect-prone technology and potentially paying the price...

RE: So What Here??
By bug77 on 10/26/10, Rating: -1
RE: So What Here??
By kmmatney on 10/26/2010 12:07:49 PM , Rating: 1
The iPhone was certainly meant for business use, on some scale. My company has been switching over, and its been working out great. Most of us have the phone reset itself if the wrong password is entered too many times.

If this flaw allowed users to access your email, then it would be very bad indeed, but contact and call log info is not so bad. I think the Android phones, with the swipe password are a bit worse, as if the swipe streaks can be on the screen, then you get access to everything.

To be honest, though, if you lose your iPhone, the phone itself is the mnost valuable item to the their. I'm sure they would be most interested in just resetting the device, and reselling it for a nice profit.

RE: So What Here??
By bug77 on 10/26/10, Rating: 0
RE: So What Here??
By Luticus on 10/26/2010 1:15:43 PM , Rating: 2
Nice attempt at trying to sweap a huge security flaw under the rug for apple! :-0

RE: So What Here??
By bug77 on 10/26/2010 5:41:55 PM , Rating: 1
I wasn't trying to sweep anything under the rug. I was just saying, Apple makes money by focusing on stuff that brings money. Security isn't on the top of that list. Just look at the spec sheet or product reviews for any phone: security isn't listed. Why? Because people don't care about it. They say they care, they act shocked when a flaw is found. But who buys a phone based on security?

RE: So What Here??
By Luticus on 10/27/2010 8:47:09 AM , Rating: 2
Security isn't on the top of that list.
I can tell.

Look, the simple fact is that when I buy a phone or any device I’m trusting it to not only work as intended but I’m also trusting it with anything personal that I happen to enter into the device. Clearly these two major facts are currently flawed with the iPhone right now. This isn't to say that apple won't fix it (I’m sure they will), but that in the mean time I’d be keeping a very close eye on my phone if I were an iPhone user. I'm just laughing that their perfect "bug free ultra secure" existence is being exposed for what it is... a complete fabrication!

I give apple crap for things like this because they give windows crap for things like this under the pretense that they don't Mac and Mac products don't have these kinds of problems. Apple tries to portray themselves as elitist and "better" and clearly (as shown here and many times before) apple products are just a man made and just as flawed as everything else out there. All that extra money isn't going to the "quality of the apple product tax", it's going right into apple's pockets as part of their profit margin and this is evidenced by the vast amount of articles I’m seeing that mirror these kinds of issues throughout the apple product line. Yellowed screens, over heating, band aids for signal, failing video cards, security flaws, exploits, jail breaking, and many more! Apple is NOT a Lexus, it's an old jaguar... looks pretty but I’ll be on a tow truck before long.

RE: So What Here??
By B3an on 10/26/2010 10:13:24 AM , Rating: 2
That was an app not made by Google, which does not come on every single phone, and you're not required to download it. Where as this is completely Apples fault, and exists on all 4.1 versions of iOS out of the box. Most of the security issues with iOS in the past have been down to Apple completely.

RE: So What Here??
By Luticus on 10/26/2010 10:27:20 AM , Rating: 5
It's amazing how quick people are to jump all over every security flaw in windows but somthing as fundamental as a broken user log in screen that lets you bypass the system security all together and because it's an iphone it's "no big deal"... really! what if someone stole your phone, huh... that what you want, a theif gets a hold of your phone and now he has all your personal inforamation and can do with the info what he wants. Yay... apple is the greatest!

This is apple "just working".

RE: So What Here??
By DKantUno on 10/28/2010 2:51:58 PM , Rating: 2
I miss balance.

@Apple fanboys - if it's a flaw, it's a flaw.

@Fandroids and Windohzers - Apple makes mistakes. Microsoft makes mistakes. Google makes mistakes. One flaw does not wipe out all the good they have - actually, verifiably - achieved. Microsoft as a business. Apple as a company actually CARING about their software and whether it makes any sense (take one look at iMovie '11 and I dare you to refute that). Google - well, for just "being". :)

@All kinds of fanboys - please don't make the world a depressing place to live for people who call a spade a spade - be it a good spade or a bad one - and those who don't suffer from serious memory retention issues either. If you have to speak, write in your little diary. Don't subject the world (actually, don't subject me - that's all I really care about) to this short-sighted, narrow-minded nonsense. Please, be gone.

"Google fired a shot heard 'round the world, and now a second American company has answered the call to defend the rights of the Chinese people." -- Rep. Christopher H. Smith (R-N.J.)
Related Articles
Apple Granted Patent to Block Sexting
October 13, 2010, 9:30 AM

Latest Headlines
Inspiron Laptops & 2-in-1 PCs
September 25, 2016, 9:00 AM
The Samsung Galaxy S7
September 14, 2016, 6:00 AM
Apple Watch 2 – Coming September 7th
September 3, 2016, 6:30 AM
Apple says “See you on the 7th.”
September 1, 2016, 6:30 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki