updated 11:20 am EDT, Wed August 27, 2008
iPhone 2.x passcode hack
The iPhone 2.0 firmware is vulnerable to an unusually easy security bypass, a report claims. Updated iPhones have the option of a four-digit passcode, which in theory should restrict all access to the device's data. The vulnerability manifests through the "Emergency Call" button on the passcode entry screen, meant to allow simple dialing functions regardless of whether the code is remembered.
Simply by selecting Emergency Call and double-tapping the Home button, iPhone users can bring up a favorite contacts list, displaying phone numbers, e-mail addresses and websites. From here it is possible to launch most major iPhone functions, including Mail, SMS, Google Maps and the Safari web browser.
The issue is said to be particularly troublesome because it was previously fixed in the v1.1.3 firmware, having been identified as a known bug by the time of v1.1.2. The only known fix for v2.x is to remove any sensitive favorites.