Gigantic Security Flaw Uncovered in 2.0.2 (updated)
Gizmodo has uncovered what can only be described as a gigantic, huge, and completely embarrassing security flaw on the iPhone.
If you have your iPhone 'locked,' the lock can be circumvented very easily, with very little trickery. On the 'lock' screen, you can still make an emergency call. When you tap that, you can then double-tap the home button to bring up your favorites (assuming you have that set).
The issue is that your favorites are basically the keys to the kingdom. You can tap the blue arrow next to a favorite to gain access to a contact's information. From there, you can further tap an email address, a URL, or SMS to gain access to email, Safari and your bookmarks, or all of your SMSes, respectively.
Rene notes in an email that this is reminiscent of the old PalmOS bug wherein you could still search the device while it was locked. This, though, is definitely worse.
Thankfully, Apple has the best ROM update system in the entire smartphone industry -- able to push out updates to every iPhone via iTunes with minimal carrier delays. Let's hope we see 2.0.3 very soon. Meanwhile Giz recommends you set that double-tap behavior to either 'Home' or 'iPod' to temporarily fix the issue.
Of course, this only applies to people who actually use the lock function on their iPhones; the rest of us just live dangerously.
Update: MacRumors reports that Apple is aware of the issue and has a fix on the way:
[...] this security flaw was already reported to Apple earlier this month and has been acknowledged as an issue. A fix will presumably be included in a future firmware update.