Tuesday, 26 October 2010

October is the iOS security flaw month at the iPhone Fever!

     No, you're not reading an old story. There really is yet another serious iOS security flaw which allows someone to access information on your supposedly password-protected iPhone.
    As the Brazilian fellow in the video above shows, all that you need to do is grab a password-protected iPhone running iOS 4.1, pretend to make an emergency call but dial ### or some other nonsensical number instead, tap the lock button real quick, and tada! You'll have access to the device's contacts, voicemail, call history, voice control and phone features.
    I replicated this trick successfully on  iOS 4.1. When trying this on an iPhone iOS 4.2 Beta 3 I couldn't replicate the security hole. This could mean that Apple is already aware of the flaw and has the fix ready although  this is very similar to the security flaw discovered on the iPhone in 2008 allowed people to easily bypass the lock screen to access mail, contacts and bookmarks. Apple later acknowledged the bug and issued a software update patching the issue.
    If you own an iPhone it's always good to get hold of the latest firmware and find some home-brew methods to flash it as iOS proves to be one of the most vulnerable systems ever built.

Via: Wired.com