iOS 4.1 security flaw allows calls to be made on passcode locked iPhone
It looks as if there's yet another Phone.app security hole, this time in iOS 4.1 that allows someone to get around a passcode locked iPhone, gain access to the owner's contact list, make calls and send emails to anyone in said contact list. From MacStories:
"To reproduce the bug, make sure to have a passcode lock turned on and lock your device. In the lockscreen, tap on Emergency Call in the lower left corner. Now type a non-existent emergency number, I tried #946494. Start the call, and as soon as the red button appear hit the sleep button. You’ll be brought to the contact list."
The issue will most-likely get patched by Apple in the 4.2 update coming later this month, but it's not the first time the emergency call screen has been exploited. Both iOS 2.1 and iOS 2.0.2 suffered from passcode lock bugs. Hopefully Apple pays extra attention and really secures Phone.app this time.
We were able to recreate the issue in the video above. Any readers out there seeing the same results? Let us know your thoughts on this in the comments below!
by Andrew Wray