iOS 4.1 security flaw allows calls to be made on passcode locked iPhone

It looks as if there's yet another Phone.app security hole, this time in iOS 4.1, that allows someone to get around the passcode on a locked iPhone, gain access to the owner's contact list, make calls and send emails to anyone in that contact list. From MacStories:

"To reproduce the bug, make sure to have a passcode lock turned on and lock your device. In the lockscreen, tap on Emergency Call in the lower left corner. Now type a non-existent emergency number, I tried #946494. Start the call, and as soon as the red button appears, hit the sleep button. You’ll be brought to the contact list."

The issue will most likely get patched by Apple in the 4.2 update coming later this month, but it's not the first time the emergency call screen has been exploited. Both iOS 2.1 and iOS 2.0.2 suffered from passcode lock bugs. Hopefully Apple pays extra attention and really secures Phone.app this time.

We were able to recreate the issue in the video above. Any readers out there seeing the same results? Let us know your thoughts on this in the comments below!

[MacStories]

by Andrew Wray

IM Staff


30 Comments
  • Just recreated it just now, it's a pretty significant flaw I think!
  • It's supposed to be like that.
    Sent From My Apple TV.
  • I just recreated it, big flaw
  • How do people find this out?
  • Recreated it as well, and ended up w/ the same security flaw!
  • I got it to work too, though it took a few tries to get the sleep button pressed at just the right time. Also, once in to the phone app, I couldn't get out without rebooting my phone (non-jailbroken 3G running iOS 4.1). Scary stuff!
  • Don't hold it like that. Oh, wait...
  • As old Bill used to say, "It's not a bug, it's a feature!"
  • The good thing is that it seems that Apple took care of securing the system, since we're not able to ever leave the app (home button doesn't work and SMS, Maps and even Mail don't start).
    A Brazilian blog confirmed that this was already fixed on 4.2, we just need to wait 'til November, which is just around the corner.
  • Oh, and I've told a friend that tested this on an iPhone 3GS with iOS 4.0, same issue.
  • Recreated on iPhone 4, 4.1 JB w/ limera1n. Once I got to the phone app I also could not get out without rebooting. Unless you complete a call, then it will send you back to your lock screen. No access to anything except phone app. Will dial out but would not let me FaceTime.
  • Just recreated it, not kidding, complete access to contacts list, recent calls and voicemails!
    At first I thought I was stuck in phone screen without rebooting, but a double tap took me back to the enter passcode screen.
  • @Wesley
    Interesting... It looks like this goes all the way back to 4.0, regardless of the device you're using. I wonder if this reaches as far back as to affect devices running 3.x as well?
  • Recreated it as well. Let's hope they do patch this up in 4.2
  • They will patch this soon (4.1.1) DO NOT UPDATE if you are JB, as it will likely kill your untethered JB. Make sure your SHSH are saved.
  • Yep. Just did. How people figure this stuff out, I have no idea.
  • I thought the current JBs were there until a hardware fix?
  • Works on my iPhone 4 but not my friend's iPhone 3G - both running iOS 4.1
  • If Jailbroken use AndroidLock XT without a numeric password and this cannot be done.
  • Since 911 is the only real emergency number in the states, seems like anything else dialed would auto lock the phone. After so many tries, auto erase all info. Should be easy to fix. Was this found by accident, or what?
  • @Brian - JB Exploit is unpatchable, userland Exploit that keeps it untethered can be patched however...
  • Cool trick but besides that what's the point. I mean if your phone gets stolen or in the wrong hands of someone they'll probably just erase it.
  • So cool :D how do you guys end up finding out about this stuff? Is it even possible. that's brilliant. It's probably used for Apple investigations and police :) hm,.. idk(:
  • Reproduced on my iPhone 4 with iOS 4.0.2 also. So this flaw exists even before 4.1. Scary.
  • Actually I was about to say that this didn't work in the iPhone until I tried to do it with the 911 number :P it's actually easier
  • I was able to recreate it, but it gets stuck in the phone app? Oh, good thing you have the option of remote erase if you ever lose your phone.
  • I'm sure this was meant to be for emergency purposes. Just in case some1 forgot their passcode. Although people were not supposed to find out about it.
  • Recreated on my iPhone 3GS and you don't have to do a reset of the phone if you just click on someone in your contact list and go to make the call then hit end it brings you back to the locked screen.
  • You can also edit your (or someone else's) contacts so if it is an ActiveSync connection think of the damage that could be done. You can also access the global directory.