backtop


Print 30 comment(s) - last by DKantUno.. on Oct 28 at 2:51 PM


  (Source: Mibz.com)
Anyone can gain access to call history and other private info on iOS 4.1

Commenters on Mac Rumors forums are reporting that Apple's iOS 4.1, the current software running on the iPhone, contains a security loophole that allows anyone who knows the easy trick to bypass the passcode entry screen and gain access to the Phone app.

Here's how it works: At the passcode entry screen, select "Emergency Call." Input any number, hit "Send" and the phone's sleep button in quick, almost simultaneous, succession. You will now have full access to the Phone app, which includes Contacts, Call History, Voicemail, and the Dialer. If you hit "Share Contact" and the camera button, you will also gain access to the Photos app. Simply hitting "Share Contact" or "Email" will allow you to send an e-mail or MMS, Boy Genius adds (see video). And that's about all you can do.

According to The Unofficial Apple Weblog, the loophole doesn't exist on the beta version of iOS 4.2, so it's possible that Apple is already aware of the problem. TUAW also makes the common sense point that the best way to ensure the security of your iPhone (or any other device that may contain sensitive information) is to prevent anyone from gaining physical access.

Then again, iPhone users may not need to worry about someone happening upon their lascivious text messages in the near future, if Apple does indeed implement its recent patent that prevents "sexting".



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

So What Here??
By MDGeek on 10/26/2010 9:36:07 AM , Rating: -1
What is the big deal here? What do you expect when you, willingly or erroneously, handover physical custody of your phone to someone else? It’s not like they gained access to the data remotely.

Remember the Android Wall paper App that sent detailed contacts data to China from Millions of unsuspecting Android phone users (July-2010)? That was a SERIOUS SECURITY BLUNDER than accessing call logs locally.
Here is DT's own article on the subject ---(http://www.dailytech.com/Android+Wallpaper+App+Sto...

The spy Wallpaper was downloaded by "between 1.1 million and 4.6 million” .
And despite that, 47 percent of Android apps STILL collects some sort of user information (without their knowledge).




RE: So What Here??
By JasonMick (blog) on 10/26/2010 10:11:37 AM , Rating: 5
quote:

What is the big deal here? What do you expect when you, willingly or erroneously, handover physical custody of your phone to someone else? It’s not like they gained access to the data remotely.

Remember the Android Wall paper App that sent detailed contacts data to China from Millions of unsuspecting Android phone users (July-2010)? That was a SERIOUS SECURITY BLUNDER than accessing call logs locally.
Here is DT's own article on the subject ---(http://www.dailytech.com/Android+Wallpaper+App+Sto...

The spy Wallpaper was downloaded by "between 1.1 million and 4.6 million” .
And despite that, 47 percent of Android apps STILL collects some sort of user information (without their knowledge).


A bit defensive? Perhaps you should do some reading on the concept of password protection.

Most phones are protected by passwords, e.g. the Android OS phones you mention. That way if your phone is lost, you aren't as f*cked, and can rest assured that your personal information is relatively safe from the average crook.

The Android apps in the article you reference DID NOT collect your voice mail passwords or call history. There was an erroneous report in VentureBeat that suggested as such, but this has since been clarified.

And note that Google swiftly issued a statement and removed the offending apps. Here Apple has done nothing and is pretending the problem doesn't exist. That the key difference between Google and Apple. Google's actions at least show it actually cares about protecting its customers, whereas Apple's actions thus far have indicated that it wouldn't give two ish1ts about its customers' security.

But if you're good with inferior products and service hey, no one's stopping you from embracing your beloved insecure, defect-prone technology and potentially paying the price...


RE: So What Here??
By bug77 on 10/26/10, Rating: -1
RE: So What Here??
By kmmatney on 10/26/2010 12:07:49 PM , Rating: 1
The iPhone was certainly meant for business use, on some scale. My company has been switching over, and its been working out great. Most of us have the phone reset itself if the wrong password is entered too many times.

If this flaw allowed users to access your email, then it would be very bad indeed, but contact and call log info is not so bad. I think the Android phones, with the swipe password are a bit worse, as if the swipe streaks can be on the screen, then you get access to everything.

To be honest, though, if you lose your iPhone, the phone itself is the mnost valuable item to the their. I'm sure they would be most interested in just resetting the device, and reselling it for a nice profit.


RE: So What Here??
By bug77 on 10/26/10, Rating: 0
RE: So What Here??
By Luticus on 10/26/2010 1:15:43 PM , Rating: 2
Nice attempt at trying to sweap a huge security flaw under the rug for apple! :-0


RE: So What Here??
By bug77 on 10/26/2010 5:41:55 PM , Rating: 1
I wasn't trying to sweep anything under the rug. I was just saying, Apple makes money by focusing on stuff that brings money. Security isn't on the top of that list. Just look at the spec sheet or product reviews for any phone: security isn't listed. Why? Because people don't care about it. They say they care, they act shocked when a flaw is found. But who buys a phone based on security?


RE: So What Here??
By Luticus on 10/27/2010 8:47:09 AM , Rating: 2
quote:
Security isn't on the top of that list.
I can tell.

Look, the simple fact is that when I buy a phone or any device I’m trusting it to not only work as intended but I’m also trusting it with anything personal that I happen to enter into the device. Clearly these two major facts are currently flawed with the iPhone right now. This isn't to say that apple won't fix it (I’m sure they will), but that in the mean time I’d be keeping a very close eye on my phone if I were an iPhone user. I'm just laughing that their perfect "bug free ultra secure" existence is being exposed for what it is... a complete fabrication!

I give apple crap for things like this because they give windows crap for things like this under the pretense that they don't Mac and Mac products don't have these kinds of problems. Apple tries to portray themselves as elitist and "better" and clearly (as shown here and many times before) apple products are just a man made and just as flawed as everything else out there. All that extra money isn't going to the "quality of the apple product tax", it's going right into apple's pockets as part of their profit margin and this is evidenced by the vast amount of articles I’m seeing that mirror these kinds of issues throughout the apple product line. Yellowed screens, over heating, band aids for signal, failing video cards, security flaws, exploits, jail breaking, and many more! Apple is NOT a Lexus, it's an old jaguar... looks pretty but I’ll be on a tow truck before long.


RE: So What Here??
By B3an on 10/26/2010 10:13:24 AM , Rating: 2
That was an app not made by Google, which does not come on every single phone, and you're not required to download it. Where as this is completely Apples fault, and exists on all 4.1 versions of iOS out of the box. Most of the security issues with iOS in the past have been down to Apple completely.


RE: So What Here??
By Luticus on 10/26/2010 10:27:20 AM , Rating: 5
It's amazing how quick people are to jump all over every security flaw in windows but somthing as fundamental as a broken user log in screen that lets you bypass the system security all together and because it's an iphone it's "no big deal"... really! what if someone stole your phone, huh... that what you want, a theif gets a hold of your phone and now he has all your personal inforamation and can do with the info what he wants. Yay... apple is the greatest!

This is apple "just working".


RE: So What Here??
By DKantUno on 10/28/2010 2:51:58 PM , Rating: 2
I miss balance.

@Apple fanboys - if it's a flaw, it's a flaw.

@Fandroids and Windohzers - Apple makes mistakes. Microsoft makes mistakes. Google makes mistakes. One flaw does not wipe out all the good they have - actually, verifiably - achieved. Microsoft as a business. Apple as a company actually CARING about their software and whether it makes any sense (take one look at iMovie '11 and I dare you to refute that). Google - well, for just "being". :)

@All kinds of fanboys - please don't make the world a depressing place to live for people who call a spade a spade - be it a good spade or a bad one - and those who don't suffer from serious memory retention issues either. If you have to speak, write in your little diary. Don't subject the world (actually, don't subject me - that's all I really care about) to this short-sighted, narrow-minded nonsense. Please, be gone.


"Nowadays, security guys break the Mac every single day. Every single day, they come out with a total exploit, your machine can be taken over totally. I dare anybody to do that once a month on the Windows machine." -- Bill Gates

Related Articles
Apple Granted Patent to Block Sexting
October 13, 2010, 9:30 AM













botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki