iOS 4.1 security flaw allows calls to be made on passcode locked iPhone

It looks as if there's yet another security hole, this time in iOS 4.1 that allows someone to get around a passcode locked iPhone, gain access to the owner's contact list, make calls and send emails to anyone in said contact list.  From MacStories:

"To reproduce the bug, make sure to have a passcode lock turned on and lock your device. In the lockscreen, tap on Emergency Call in the lower left corner. Now type a non-existent emergency number, I tried #946494. Start the call, and as soon as the red button appear hit the sleep button. You’ll be brought to the contact list."

The issue will most-likely get patched by Apple in the 4.2 update coming later this month, but it's not the first time the emergency call screen has been exploited. Both iOS 2.1 and iOS 2.0.2 suffered from passcode lock bugs. Hopefully Apple pays extra attention and really secures this time.

We were able to recreate the issue in the video above.  Any readers out there seeing the same results?  Let us know your thoughts on this in the comments below!


by Andrew Wray


Your source for everything iPhone and iPad. More news, more how-tos, more app and accessory reviews. iMore.

More Posts



← Previously

Does iPad 4.2 mute switch make more sense for iPad 2 with FaceTime?

Next up →

iPad live #27: Dead on Arrival

There are 30 comments. Add yours.

calum86 says:

just recreated it just now, it's a pretty significant flaw i think!

Geo Coldz says:

It's suppose to be like that.
Sent From My Apple TV.

tsb3 says:

I just recreated it, big flaw

Sterbuck says:

How do people find this out?

missveronica33 says:

Recreated it as well, and ended up w/ the same security flaw!

AppleCentric says:

I got it to work too, though it took a few tries to get the sleep button pressed at just the right time. Also, once in to the phone app, I couldn't get out without rebooting my phone (non-jailbroken 3G running iOS 4.1). Scary stuff!

NinjaBreadMan says:

Don't hold it like that. Oh, wait...

Greyscale says:

As old Bill used to say, "It's not a bug, it's a feature!"

Wesley says:

The good thing is that it seems that Apple took car of securing the system, since we're not able to ever leave the app (home button doesn't work and SMS, Maps and even Mail don't start).
A brazilian blog confirmed that this was already fixed on 4.2, we just need to wait 'til november, which is just around the corner.

Wesley says:

Oh, and I've told a friend that tested this on an iPhone 3GS with iOS 4.0, same issue.

Joel says:

Recreated on iPhone 4, 4.1 JB w/ limera1n. Once I got to the phone app I also could not get out with out rebooting. Unlees you complete a call, then it will send you back to your lock screen. No access to anything except phone app. Will dial out but would not let me FaceTime.

Maniacfive says:

Just recreated it, not kidding, complete access to contacts list, recent calls and voicemails!
At first I thought I was stuck in phone screen without rebooting, but a double tap took me back to the enter passcode screen.

iRoo says:

Interesting... It looks like this goes all the way back to 4.0, regardless of the device you're using. I wonder if this reaches as far back as to effect devices running 3.x as well?

woody88 says:

recreated it as well. let's hope they do patch this up in 4.2

Farbod21 says:

They will patch this soon (4.1.1) DO NOT UPDATE if you are JB, as it will likely kill your untethered JB. Make sure your SHSH are saved.

Ezekiel06 says:

Yep. Just did. How people figure this stuff out, I have no idea.

BrianTufo says:

I thought the current JBs were there until a hardware fix?

tarmyg34 says:

Works on my iPhone 4 but not my friends iPhone 3G - both running iOS 4.1

Anth says:

If Jailbroken use AndroidLock XT without a numeric password and this cannot be done.

Glenn#IM says:

Since 911 is the only real emergency number in the states, seems like anything else dialed would auto lock the phone. After so many tries, auto erase all info. Should be easy to fix. Was this found by accident, or what?

Farbod21 says:

@Brian - JB Exploit is unpatchable, userland Exploit that keeps it untethered can be patched however...

carolinamic says:

Cool trick but besides that what's the point. I mean if your phone gets stolen or in the wrong hands of someone they'll probably just erase it.

Edie says:

So cool :D how do you guys end up finding out about this stuff? Is it even possible. that's brilliant. It's probably used for Apple investigations and police :) hm,.. idk(:

Robert says:

Reproduced on my iPhone 4 with iOS 4.0.2 also. So this flaw exists even before 4.1. Scary.

Luis says:

actually i was about to say that this didnt work in the iphone until i tried to do it with the 911 number :P its actually easier

FutureDHughes says:

I was able to recreate it, but it gets stuck in the phone app? Oh, good thing you have the option of remote erase if you ever lose your phone.

USMC says:

I'm sure this was ment to be for emergency purposes. Just incase some1 forgot their passcode. Although people were not supposed to find out about it.

SkaGa says:

Recreated on my iPhone 3GS and you don't have to do a reset of the phone if you just click on someone in your contact list and go to make the call then hit end it brings you back to the locked screen.

Gavin M. Northey says:

You can also edit your (or someone else's contacts) so if it is an ActiveSync connection think of the damage that could be done. You can also access the global directory.

reviews4 says:

Himachal easily surpass all other mound stations in India on the subject of quality holiday time because of variety of tourism things to do.