Gigantic Security Flaw Uncovered in 2.0.2 (updated)


Gizmodo has uncovered what can only be described as a gigantic, huge, and completely embarrassing security flaw on the iPhone.

If you have your iPhone 'locked,' the lock can be circumvented very easily, with very little trickery. On the 'lock' screen, you can still make an emergency call. When you tap that, you can then double-tap the home button to bring up your favorites (assuming you have that set).

The issue is that your favorites are basically the keys to the kingdom. You can tap the blue arrow next to a favorite to gain access to a contact's information. From there, you can further tap an email address, a URL, or SMS to gain access to email, Safari and your bookmarks, or all of your SMSes, respectively.

Rene notes in an email that this is reminiscent of the old PalmOS bug wherein you could still search the device while it was locked. This, though, is definitely worse.

Thankfully, Apple has the best ROM update system in the entire smartphone industry -- able to push out updates to every iPhone via iTunes with minimal carrier delays. Let's hope we see 2.0.3 very soon. Meanwhile Giz recommends you set that double-tap behavior to either 'Home' or 'iPod' to temporarily fix the issue.

Of course, this only applies to people who actually use the lock function on their iPhones; the rest of us just live dangerously.

Update: Macrumors reports that Apple is aware of the issue and has a fix on the way:

[...]this security flaw was already reported to Apple earlier this month and has been acknowledged as an issue. A fix will presumably be included in a future firmware update


Dieter Bohn

Dieter Bohn is former editor-in-chief of Smartphone Experts, writing across iMore, Windows Phone Central, Android Central, and more. You can find him on Twitter (and everywhere else) @backlon.


Reader comments

To avoid this, all you have to do is set the double tap of the home button to something other than your favorites. Then you will not be able to access any information.

This is a pretty colossal blunder from a security standpoint, but it happens to even the best engineers (no QA dept. can ever catch what a million+ users pounding away will quickly discover). Like Dieter says, tho, Apple has the fastest patch engine on the mobile planet at this point.
Off to implement the workaround...
