macnn

08/27/2008, 11:20am, EDT

Wednesday, August 27th

iPhone 2.x vulnerable to easy passcode hack?

The iPhone 2.0 firmware is vulnerable to an unusually easy security bypass, a report claims. Updated iPhones have the option of a four-digit passcode, which in theory should restrict all access to the device's data. The vulnerability manifests through the "Emergency Call" button on the passcode entry screen, meant to allow simple dialing functions regardless of whether the code is remembered.

Simply by selecting Emergency Call and double-tapping the Home button, iPhone users can bring up a favorite contacts list, displaying phone numbers, e-mail addresses and websites. From here it is possible to launch most major iPhone functions, including Mail, SMS, Google Maps and the Safari web browser.

The issue is said to be particularly troublesome because it was previously fixed in the v1.1.3 firmware, having been identified as a known bug by the time of v1.1.2. The only known fix for v2.x is to remove any sensitive favorites.

Filed under: iPhone, security
Other story tags: iPhone 2.0

, 7

7 comments

Reader Reactions (Please use <i></i> for italic text)

subscribe to comments
for this article

Expand All

Global Settings

eggman

"A report claims?"

08/27, 11:27am, EDT

You don't have to hedge an article with noncommittal language like "a report claims" when you can verify the claims yourself by just turning on your iPhone and testing it out for yourself.

If you had done so, you would have found that the claims are absolutely true.

However, you're wrong when you say that the only known fix in 2.0 is to remove sensitive favorites... because it can be fixed by reprogramming the Home key double-click to go to the Home page instead of the favorites page.

Mac Enthusiast

Joined Aug 2002

User is offline

Constable Odo

Sounds like the...

-1

08/27, 11:38am, EDT

proverbial key under the doormat type of security. Well, nobody wants to get completely locked out of their own house. Let's remove all the locks and leave it up to human honesty not to go poking where one doesn't belong.

Fresh-Faced Recruit

Joined Aug 2007

User is offline

testudo

Re: A report claims

-14

08/27, 12:34pm, EDT

when you can verify the claims yourself by just turning on your iPhone and testing it out for yourself.

Well, that's fine, IF YOU OWN AN IPHONE! If you're like 99.99% of the world, you probably don't, and, therefore, can't verify the story.

Fresh-Faced Recruit

Joined Aug 2001

User is offline

expand replies

QualleyIV

testudo...

08/27, 12:52pm, EDT

eggman was obviously referring to the AUTHOR of the story. Maybe you should spend a little more time reading and a little less time flaming...

Fresh-Faced Recruit

Joined Aug 2001

User is offline

chadpengar

re: testudo

08/27, 12:53pm, EDT

Someone at MacNN probably has access to an iPhone.

Fresh-Faced Recruit

Joined Oct 2001

User is offline

testudo

re: testudo

-12

08/27, 2:17pm, EDT

Right, and the author of the story may actually not have an iPhone (not sure why someone would assume that MacNN has access to one).

And if you DON'T HAVE AN IPHONE, you may likely not care!

Unless you run a news website and are posting stories, then you would care, even if you didn't own the product.

Fresh-Faced Recruit

Joined Aug 2001

User is offline

UberFu

and in other news...

08/27, 2:47pm, EDT

Testudo opens his/her mouth simply to hear him/her self speak.

Fresh-Faced Recruit

Joined Oct 2002

User is offline

Your Comments

Not a member of the MacNN forums? Register now for free.

Default Comment View
External Page Links
Comment Threading View