iOS 4.1 Security Hole

Soldato
Joined
17 Jan 2007
Posts
8,944
Location
Manchester
Just a heads up:

At the passcode entry screen, select "Emergency Call." Input any number, hit "Send" and the phone's sleep button in quick, almost simultaneous, succession. You will now have full access to the Phone app, which includes Contacts, Call History, Voicemail, and the Dialer.

http://www.dailytech.com/article.aspx?newsid=19984

I tried it and it works. Don't hold the sleep button, just press it. The screen seemed to freeze for a second but after that it was fine.

Update please, Apple!
 
Yeah, because people intentionally do that all the time..
It's not hard ;) I would think apple would get a update out within a week anyway.

Oh and some people just don't take any care of their phones anyway so..
 
Last edited:
Small price to pay, I'll stay on 4.1 until the next version gets jailbroke.

Just the phone app isn't too big a deal, I'd have it cancelled before they could do any real damage.
 
a fix for this is to download androidlockxt from cydia
this will put the android lock screen up before the apple lockscreen
as long as the theif / person with your phone doesnt crack your android lock pattern they will not get to the emergency / apple lock screen

for those who are not jailbroke, well...... why not, and make sure you dont lose your idevice
 
Stuff like this highlights a need for Apple to get a better patching mechanism for iOS. The fix is probably small, but people are still going to have to make the effort of plugging it into iTunes and applying the update. "Over the air" security updates would be great, and for those worried about data the phone could just wait until it connects to a Wifi network.
 
Stuff like this highlights a need for Apple to get a better patching mechanism for iOS. The fix is probably small, but people are still going to have to make the effort of plugging it into iTunes and applying the update. "Over the air" security updates would be great, and for those worried about data the phone could just wait until it connects to a Wifi network.
Well... the way Apple updates devices wouldn't really make it work. Because you 're-download' the whole OS don't you? Just not a update.

It's slow enough on my Nokia which is only the update - takes bloody years
 
Well... the way Apple updates devices wouldn't really make it work. Because you 're-download' the whole OS don't you? Just not a update.

It's slow enough on my Nokia which is only the update - takes bloody years

Precisely, it's just not a good method for small updates when you have to reload the whole OS. It needs changing imo.
 
Precisely, it's just not a good method for small updates when you have to reload the whole OS. It needs changing imo.

On the other side of the coin however OTA updates could introduce other security holes.

Either way if someone is close enough to your phone to do this then you are ****ed anyway.

Besides, most people don't even have a lock code so doesn't effect me :p
 
That's where mobileme comes in, can't you disable the phone or something -- and track it but thats useless

Have apple addressed the problem or anything?
 
Last edited:
On the other side of the coin however OTA updates could introduce other security holes.

Either way if someone is close enough to your phone to do this then you are ****ed anyway.

Besides, most people don't even have a lock code so doesn't effect me :p

It's not just physical access though is it? What about the JB pdf buffer overflow exploit that could basically own your phone if you so much as followed a link? It won't be the last exploit, and Apple have put themselves in a position where it's difficult to release quick patches. Deploying secure updates is perfectly feasible if done right.
 
Back
Top Bottom