iOS 5.0.1 bug allows unauthorized access to contacts

A newly discovered bug in iOS 5.0.1 allows an unauthorized user to access contacts, view call history, make phone calls and use FaceTime on a password-protected iPhone, reports iMore. However, the circumstances and effort involved in triggering the bug mean it might not be exploited very often, at least before a fix is made.

The bug was discovered by iPhone Islam (an Arabic-language website). Triggering it requires the unauthorized user to have physical access to the phone and to know the phone number of the victimized phone, so that an attempt can be made at will. The method is as follows: after the phone receives a missed call (which is why knowing the phone number comes in handy for the exploiter), the exploiter "confuses" the iPhone by repeatedly inserting and ejecting the SIM card while trying to unlock the phone.

When the bug is triggered properly, the Phone app opens, giving the exploiter access to the iPhone's contact list, favorite contacts and call history. The iPhone can then be used to place calls to any phone number or saved contact. Once the iPhone is locked again, the exploit must be performed again. According to the video, the exploit works on the iPhone 3GS, iPhone 4 and iPhone 4S.

This bug sounds quite serious, but after watching the example video recorded by iPhone Islam, the method used to trigger it appears highly unreliable. It takes more than a couple of minutes and numerous attempts before the demonstrator manages to pull the exploit off. Regardless, here's hoping it gets patched in a timely fashion.


27 Comments


OK, first yes this is crazy. Second it has NOTHING to do with being better than ATT simply because you have Verizon / Sprint without a SIM. That's just stupid.

The exploit (if you were even half paying attention) would require a very diligent person.. timing could be crucial as well... so it may or may NOT be an issue given the attempts in the certain order.

Who the hell is going to seriously remove the SIM, slide to unlock 20 times.. ridiculous .. the video lasts no MORE than 4 minutes.. so for those of you that THINK you can remote wipe, we are talking about a phone that you realize is in fact missing.. in under 10.. by that time it is conceivable, they already have what they need.. and let's not forget.. they can ALWAYS turn off the radio, you can't very well remote wipe something if it has no signal..

I still don't believe it is as crucial as they say.. NO ONE is going to be this diligent.. AND NO one, (not one of you) will watch your phone like a hawk 24 / 7. Sorry it's not happening, you can kid yourself all you want.. you CAN'T do it. So if you lose your phone what are the chances you can be at a kiosk or computer quickly enough to send a remote wipe command.. you can't walk up to a complete stranger and say "hey I need to use your phone so I can remote wipe my phone...".. I wouldn't let YOU touch MY phone either..

So quit panicking.. it's just not a problem in the first place.

And this was a reply to whom exactly?
As far as I can see, nobody created an argument about AT&T vs CDMA nor do I see anyone panicking....

rijp said,
OK, first yes this is crazy. Second it has NOTHING to do with being better than ATT simply because you have Verizon / Sprint without a SIM. That's just stupid.

The exploit (if you were even half paying attention) would require a very diligent person.. timing could be crucial as well... so it may or may NOT be an issue given the attempts in the certain order.

Who the hell is going to seriously remove the SIM, slide to unlock 20 times.. ridiculous .. the video lasts no MORE than 4 minutes.. so for those of you that THINK you can remote wipe, we are talking about a phone that you realize is in fact missing.. in under 10.. by that time it is conceivable, they already have what they need.. and let's not forget.. they can ALWAYS turn off the radio, you can't very well remote wipe something if it has no signal..

I still don't believe it is as crucial as they say.. NO ONE is going to be this diligent.. AND NO one, (not one of you) will watch your phone like a hawk 24 / 7. Sorry it's not happening, you can kid yourself all you want.. you CAN'T do it. So if you lose your phone what are the chances you can be at a kiosk or computer quickly enough to send a remote wipe command.. you can't walk up to a complete stranger and say "hey I need to use your phone so I can remote wipe my phone...".. I wouldn't let YOU touch MY phone either..

So quit panicking.. it's just not a problem in the first place.

It is a bug, but not something a 'smart' user should care about. If you lose your phone, report it and get it remotely wiped. Also don't leave your phone sitting around people you do not trust.

Simple stuff.

I don't even turn on the 'lock' on my phones, as it is far more possible to fumble the dang phone and drop it while trying to unlock it with a passcode than me losing possession of it.

Even with a 'non-smartphone' the carrier should be able to lock and wipe the phone if you lose it.

With Smartphones, if ya lose it, pop open a browser and locate it, and if someone has it, lock it, and/or wipe it. Then contact the carrier to have it fully locked out and have them issue their wipe/reset to the device on top of what the OS provides.

Even without the 'active' SIM, the carrier can link via the SN and Phone Number to access the device. And most of the OS tools that Apple and Microsoft provide also provide a non-SIM mechanism linked via SN and Phone Number to the device for resetting the device.

This is an obscure iOS bug, more of a hardware driver trigger that needs to be patched; however, it doesn't mean Apple is stupid or the iPhone sucks.

And if anyone follows my comments, I love WP7 and would pick it over iPhone any day, so this is not a fanboi defense of the iPhone.

PS If it was 'important' to gain access to an iPhone, WP7, Android Phone, there are 'other' more technical but easier methods to obtain control of the phone than this bug.

If someone has access to the hardware, they could do so many things if they really wanted the data on the device. (True of any hardware/computer/device ever made.)

A couple of gator clips, and all hardware can be manipulated and accessed.

The only time it gets hard to do this is when the hardware/device is using a high level of encryption like WP7's SD implementation and if you turn on complete bitlocker on a Windows7 notebook, or use NTFS encryption on folders, which keeps these folders locked for a few billion years.

So you have to use an OS level manipulation with the hardware to expose and open the encryption, which does get hard.

I haven't looked at the iPhone storage security in a couple of years, but hope that it is using a similar level of encryption at the base hardware level.

Android/Google, are you paying attention here? You don't seem to have any inherent storage security, which is why Android fans scream for accessible removable media they can shove in a camera, their computer, and back in the phone, as it isn't secured.

RangerLG said,
I would think that a stolen phone will get reported and the phone ID remotely locked anyway (IMEI or ESN).

Umm.. maybe you haven't heard, or maybe you have no clue what you are talking about.. but IMEI isn't a requirement for phone companies.. I can get an unlocked phone with a SIM card.. the phone company doesn't even HAVE that number in their system.. so how can they lock a phone by an IMEI / ESN they don't have, eh Mr. Wizard?

Yeah good one.. the SIM *IS* the ID... it will NOT lock the phone anyway even with IMEI / ESN it ONLY prevents making calls, no one cares about USING the phone, they want what is ON it..

It's a serious bug that needs to be patched. People who are famous or have sensitive information in their call logs/contacts will probably be the most affected by this. I'm not one of those people. Worst case scenario someone steals my phone and makes international calls on it to run up my bill. But then, couldn't they do that anyway if they put the iPhone into DFU mode and restored it on a computer?

Isn't data on hardware vulnerable if the hardware falls into the wrong hands, anyway? (Just as a general rule).

If my phone got stolen I'd remote wipe it as a first step.

Shadrack said,
It's a serious bug that needs to be patched. People who are famous or have sensitive information in their call logs/contacts will probably be the most affected by this.

For one, the phone would need to be lost in the first place and then second, by the off chance, the person who found it would need to know the 'famous' person's number to carry out the exploit anyway.
Not really an issue.

As for your DFU theory, yes, one could run up calls on your SIM by doing this or switching the SIM to another handset, hence why you should report it straight away.

SaltLife said,
Well gsm vs cdma

Not really.

Not sure about iPhone; however, a lot of CDMA phones do have a removable SIM.
It is not 'typical' to be user removable, but CDMA uses a SIM as well.

So the technology difference of CDMA vs GSM is irrelevant as they both work essentially the same way, it is just not something CDMA users have been exposed to like GSM users where the 'international' aspect has kept the SIM accessible.

Seems like a very limited exploit - rule #1 - don't call your phone to find it if it goes missing. Verizon users are obviously safe since there is no SIM card to remove.

jerzdawg said,
Seems like a very limited exploit - rule #1 - don't call your phone to find it if it goes missing. Verizon users are obviously safe since there is no SIM card to remove.

Or if you are worried then change the options to not show missed calls on the lock screen...

jerzdawg said,
Seems like a very limited exploit - rule #1 - don't call your phone to find it if it goes missing. Verizon users are obviously safe since there is no SIM card to remove.

Are the current iPhone versions being sold at Verizon and Sprint still SIMless? I thought the 4GS added in a locked SIM?

I know CDMA is not typically a removable SIM technology, but a lot of CDMA phones do have a removable SIM. (Yes pure CDMA only phones, it is just not typical.)

There are also the tri-band/international phones that have CDMA/GSM which have SIMs that are tied to both CDMA and GSM.

Even the WP7 Trophy that Verizon offers is a removable SIM card design, as it is one of their few international phones with both CDMA/GSM.

Hmm... Curious, I will have to go look at one.

Is this the exploit? For God's sake, if you know the phone number, you could just answer, or if there is a missed call you could call back like he did. When dialing, the phone is unlocked and you could just enter Contacts and the rest of the phone (can't test atm, but you should be able to hit the home button when in a call).

Graimer said,
Is this the exploit? For God's sake, if you know the phone number, you could just answer, or if there is a missed call you could call back like he did. When dialing, the phone is unlocked and you could just enter Contacts and the rest of the phone (can't test atm, but you should be able to hit the home button when in a call).

No, you can't, Apple isn't that dumb.

I guess it "may" get used if someone robs you of your phone AND knows your number ... but what are the chances? I am sure they will fix it in the next round of updates, I doubt it will be high on the priority list.

Beyond Godlike said,
At least Apple will patch this within a week. Though, I don't think this is a big deal, physical security is #1

Really? A Week? I bet Apple already has a fix they are testing. But you think a new version of iOS will be out in a week to get that fix to end users? I do agree, it isn't that big of a deal.