August 27, 2008
Posted by Alias420

GreenMyMac discovered and published a security vulnerability in iPhone 2.0.x at MacRumors last night. The flaw affects iPhone users who use the password protect feature when locking their keypad: a very simple trick gives anyone full access to your cell phone’s private information in Mail, SMS, Contacts, and even Safari.

To recreate this exploit yourself, password protect your phone and lock it. Next, slide to unlock and do the following:

  1. Tap emergency call.
  2. Double tap the home button.

You should now be in your favorites. This seems like a convenient feature at first, but the security problem here is scary. Anyone who picks up your iPhone can call anyone in your favorites and see their address, and for some service providers this will let a stranger access your voice mail.

Let’s go a little further down the rabbit hole now:

  • If you click on a mail address, it will give you full access to the Mail application. All your mail will be exposed.
  • If there’s a URL in your contact (or in a mail message) you can click on it and have full access to Safari.
  • If you click on send text message in a contact, it will give you full access to all your SMS.

Until Apple addresses this security threat, there is an easy workaround to secure your personal information.

  1. In ‘Settings’, select ‘General’.
  2. Select ‘Home Button’.
  3. Select either ‘Home’ or ‘iPod’.

2 Comments »

Comment by grc
2008-08-28 14:30:24

not much of a real security issue here since most ppl don't even enable password lock. simple solution was stated above to fix this… well limit access not fix. if you really care then use lockdown to lock your phone

 
Comment by grc
2008-08-28 14:36:36

btw, when security issues are exploited… that's when they “become” security issues. there's a few 100 ppl without any knowledge who will now be able to pick up somebody's phone and start using it… hell tomorrow at work I'm going to read everybody's text messages maybe send a few of my own to the wrong ppl lol

 