Text Size

iPhone 2.x vulnerable to easy passcode hack?

updated 11:20 am EDT, Wed August 27, 2008

iPhone 2.x passcode hack

The iPhone 2.0 firmware is vulnerable to an unusually easy security bypass, a report claims. Updated iPhones have the option of a four-digit passcode, which in theory should restrict all access to the device's data. The vulnerability manifests through the "Emergency Call" button on the passcode entry screen, meant to allow simple dialing functions regardless of whether the code is remembered.

Simply by selecting Emergency Call and double-tapping the Home button, iPhone users can bring up a favorite contacts list, displaying phone numbers, e-mail addresses and websites. From here it is possible to launch most major iPhone functions, including Mail, SMS, Google Maps and the Safari web browser.

The issue is said to be particularly troublesome because it was previously fixed in the v1.1.3 firmware, having been identified as a known bug by the time of v1.1.2. The only known fix for v2.x is to remove any sensitive favorites.

 
Previous Comments

"A report claims?"

08/27, 11:27am reply

You don't have to hedge an article with noncommittal language like "a report claims" when you can verify the claims yourself by just turning on your iPhone and testing it out for yourself.

If you had done so, you would have found that the claims are absolutely true.

However, you're wrong when you say that the only known fix in 2.0 is to remove sensitive favorites... because it can be fixed by reprogramming the Home key double-click to go to the Home page instead of the favorites page.

eggman

Mac Enthusiast

Joined: Aug 2002

+4

Sounds like the...

08/27, 11:38am reply

proverbial key under the doormat type of security. Well, nobody wants to get completely locked out of their own house. Let's remove all the locks and leave it up to human honesty not to go poking where one doesn't belong.

Constable Odo

Fresh-Faced Recruit

Joined: Aug 2007

-1

Comment buried. Show

Re: A report claims

08/27, 12:34pm (1 reply) reply

when you can verify the claims yourself by just turning on your iPhone and testing it out for yourself.

Well, that's fine, IF YOU OWN AN IPHONE! If you're like 99.99% of the world, you probably don't, and, therefore, can't verify the story.

testudo

Fresh-Faced Recruit

Joined: Aug 2001

-14

testudo...

08/27, 12:52pm reply

eggman was obviously referring to the AUTHOR of the story. Maybe you should spend a little more time reading and a little less time flaming...

QualleyIV

Fresh-Faced Recruit

Joined: Aug 2001

+4

re: testudo

08/27, 12:53pm reply

Someone at MacNN probably has access to an iPhone.

chadpengar

Fresh-Faced Recruit

Joined: Oct 2001

+4

Comment buried. Show

re: testudo

08/27, 02:17pm reply

Right, and the author of the story may actually not have an iPhone (not sure why someone would assume that MacNN has access to one).

And if you DON'T HAVE AN IPHONE, you may likely not care!

Unless you run a news website and are posting stories, then you would care, even if you didn't own the product.

testudo

Fresh-Faced Recruit

Joined: Aug 2001

-12

and in other news...

08/27, 02:47pm reply

Testudo opens his/her mouth simply to hear him/her self speak.

UberFu

Fresh-Faced Recruit

Joined: Oct 2002

+3

Popular News