iPhone bug discovered, bypass any lock screen

Apple's iPhone is nothing short of a blockbuster success, but with that success comes large numbers of users looking to bypass the built-in security features. The jailbreaking community thrives on finding loopholes in the iOS platform, and today a Brazilian iPhone user has discovered how to bypass any security code on any iPhone.

To bypass any lock screen, simply hit "emergency call", then enter three pound signs, hit the green call button and immediately press the lock button, and you will have bypassed the security feature on the iPhone. "That simple procedure gives a snoop full access to the Phone app on the iPhone, which contains the address book, voicemail and call history."

According to Wired, which attempted to contact Apple, the company has yet to issue a statement on this latest flaw. As Apple looks to move into the business sector, these simple flaws are a black mark on the company.

Update: It is now being reported that you can access the phone's photo album as well. As more users get their hands on this exploit, it may be possible to dig deeper into the iPhone's data.

 

 


67 Comments


Like they always say: physical access is total access.

I haven't even set a passcode on my iPhone because it's always in my pocket or in my hand.

DigitalE said,
Like they always say: physical access is total access.

I haven't even set a passcode on my iPhone because it's always in my pocket or in my hand.

Even when it's been stolen.

Examinus said,

Even when it's been stolen.

Thanks to the insurance company I get a new iPhone when it is stolen or lost. And also, thanks to the iTunes backup system, it's like nothing ever happened.

hotdog963al said,
Just did this to my friend's phone and now he has to reboot it to get out of that, haaaaaaa!

I did it to myself!! I didn't know I have to reboot to get out of it lol oh well, big deal!

Doesn't work here. Lock button = standby button on top right? Or home button? Mine turns the screen off, on again, showing the enter pin screen again... I have a 3G running iOS4.1

este said,
How can you hit 'emergency call' if the phone is locked?

This, I believe, is required for all phones: An emergency call possibility even if it is blocked, locked, etc.

I think the popularity of the iPhone, as with Windows back then, exposes iOS to jailbreakers detecting flaws. Like Windows issuing security patches frequently.

Ukmouse said,
Also you can launch the iPod in the phone using voice control

Once you've done that you have access to everything.

harveyhanson said,

You can access anything using voice control, bad bug!

Yeah right, that **** rarely knows wtf I'm saying to it. Useless. My Pocket PC 2003 had better voice control features than my iPhone does. Sad.

These tricks are a great find, but you don't need to have these tricks to unlock someone else's phone.

I can easily overlook someone's finger typing out their 4 number password on an iPhone. So slow finger movement makes it easy to snoop a password, and the touchscreen makes that big finger easy to see.

Not working here on iOS 4.1; however, I'm using a password with the keyboard instead of entering a pincode with the keypad ;-)

Many people have reported that this doesn't work in 4.2, so with November being right around the corner, Apple may just wait to release that instead of rushing out a patch.

I remember when you heard nothing about Apple...it just worked. Now they are pumping out hardware/software at a faster rate and quality is going down.

And who sits around and figures these things out?

It's simple - they're a victim of their own success. I'm glad they're innovating because it's pushing their competition to innovate too. Plus they put out some cool stuff. This is nothing more than a popular device now becoming a popular target. I honestly believe this is what we would see if the Mac ever became hugely popular like the iPhone.

This actually doesn't sound like a bug or accidental security hole. It sounds more like a backdoor was intentionally put in place.

Read the instructions again. It's so simple and matter-of-fact that it screams of an Apple style ease of use procedure.

Works here. Press the home button twice and close the contacts application, and you can go back to the lock screen. Seems like a useless but funny flaw.

Sh** happens. Now that it's out in the wild they'll be able to fix it, if they haven't already. Anyways, just try not to lose your iPhone and no one will be able to get anything out of it.

Worked for me first try. That's a nasty bug. Hopefully they will patch it soon. Although the article states it, just to reiterate: it doesn't open the whole phone, just the phone app (contacts, voicemails, and call history). Still a LOT of personal information (but could be worse, emails and SMS history for instance).

If someone steals your iPhone with the intent of taking all the data off it, I think they are able to with a PC. For a thief that's not in the know, hopefully the 10 wrong passcode entries will wipe the phone, or you can remotely via Apple Support or MobileMe.

Shadrack said,
Worked for me first try. That's a nasty bug. Hopefully they will patch it soon. Although the article states it, just to reiterate: it doesn't open the whole phone, just the phone app (contacts, voicemails, and call history). Still a LOT of personal information (but could be worse, emails and SMS history for instance).
If someone steals your iPhone with the intent of taking all the data off it, I think they are able to with a PC. For a thief that's not in the know, hopefully the 10 wrong passcode entries will wipe the phone, or you can remotely via Apple Support or MobileMe.

If you click a link in an email do you get access to Safari? Because that would let you access the App Store which would let you get to the dash by installing an app or updating.

It doesn't allow you to access a user's inbox, but it does allow you to send email as them, something that could cause a lot of hassle for the user.

(Although to be honest, it's never been hard to spoof email addresses anyway, but still)

All those iPhone owners get to look forward to another 2 hours of waiting for iTunes to wipe the phone, install the fixed version of the OS, and sync content back over. Aren't you lucky?

Wanyal said,
All those iPhone owners get to look forward to another 2 hours of waiting for iTunes to wipe the phone, install the fixed version of the OS, and sync content back over. Aren't you lucky?

Er, what? It only does that if you do a "restore" of the OS, i.e. a full fresh clean install.

DrCheese said,

Er, what? It only does that if you do a "restore" of the OS, i.e. a full fresh clean install.

Still takes forever tbh. Last time I updated my iPhone there was the excruciating update download via iTunes, then the backup which I don't remember having any say over, then some exceedingly long patch process...

Seriously, iPhone updates suck.

zkid2010 said,

Still takes forever tbh. Last time I updated my iPhone there was the excruciating update download via iTunes, then the backup which I don't remember having any say over, then some exceedingly long patch process...

Seriously, iPhone updates suck.

At least they get updates...where is 2.2 for my HTC??

doug_jnr said,

At least they get updates...where is 2.2 for my HTC??


Ask HTC that, not Google,
or you can ask Cyanogen too.

Sophism said,
Ha, yeah this works. I don't think it's the end of the world though as long as it's patched.

Weird that doesn't work on my 3GS iOS4.0

It works for me, but looks like a reset/power off is required to get the lock and home key to work again. I powered off and back on to fix.

gt2437 said,
It works for me, but looks like a reset/power off is required to get the lock and home key to work again. I powered off and back on to fix.

Hold down the "Home" key, when Voice Control comes up hit cancel and it will return to the lock screen.

Works like a charm on 4.1. You can't access any other application, as the home button does nothing, no multitasking, no nothing.

But..... You can make calls with no problems, search/edit a user's address book and, if you are hooked up to an Exchange server, search the GAL on the Exchange server.

If a user has an email address associated with them you can press "share contact" and then you have full access to the email client of the user.

Tanooki said,
Wow, I'm an Apple fan here, but seriously, what happened to their QA?

He clearly locked the phone in the wrong way. Should ask Steve how to properly lock the phone.

Tanooki said,
Wow, I'm an Apple fan here, but seriously, what happened to their QA?

What QA department thinks of a test case like "go to the emergency screen, dial ###, press lock, and see what happens"?

At least Apple has the infrastructure in place to rapidly deploy a fix for an obscure defect like this. Expect a 4.1.1 before 4.2 hits, and BACK UP YOUR SHSHs if you value staying rooted.

Sticktron said,

What QA department thinks of a test case like "go to the emergency screen, dial ###, press lock, and see what happens"?

At least Apple has the infrastructure in place to rapidly deploy a fix for an obscure defect like this. Expect a 4.1.1 before 4.2 hits, and BACK UP YOUR SHSHs if you value staying rooted.

Well it isn't really just a testing oversight, is it? It's poor programming.

I don't see people giving software devs that kind of leniency when a ridiculously obscure security vulnerability is found in Firefox/Internet Explorer.

Sticktron said,

What QA department thinks of a test case like "go to the emergency screen, dial ###, press lock, and see what happens"?

At least Apple has the infrastructure in place to rapidly deploy a fix for an obscure defect like this. Expect a 4.1.1 before 4.2 hits, and BACK UP YOUR SHSHs if you value staying rooted.

ROFL!! WHAT?!? Their QA has always been a joke. Maybe they don't need to "go to the emergency screen, dial ###, press lock, and see what happens" but they should pick this stuff up in their code review. And what is this nonsense about them rapidly deploying a fix? Seriously, what planet are you on? Apple's status quo has always been to deny deny deny until the fix is ready at some later time. How many articles are there about someone reporting a bug report to Apple and nothing is said or acknowledged until the fix comes out? Meanwhile the rest of the software industry acknowledges their bugs and then tries to fix them.

Give me a break. Apple fanboys have been crying for years about how great Apple is and how secure it is while the rest of the world has said, "gee I wonder what would happen if Mac ever did get a fair market share and become a viable target". Well here you go. The iPhone is deservingly huge because it's cool and has a ton of apps but with that success comes the people looking for the holes. This is just another example of yet another hole. That's all it is, plain and simple.

Tim Dawg said,
ROFL!! WHAT?!? Their QA has always been a joke. Maybe they don't need to "go to the emergency screen, dial ###, press lock, and see what happens" but they should pick this stuff up in their code review..

Code review won't highlight issues such as this. You're talking about analysis of the paths through code or code coverage stats. But again, there is no chance in hell of this being picked up. There *will* be a workflow which will crash a 747, but it's just so uncommon and obscure that it's unlikely to be found.

saltysaltybk said,

Code review won't highlight issues such as this. You're talking about analysis of the paths through code or code coverage stats. But again, there is no chance in hell of this being picked up. There *will* be a workflow which will crash a 747, but it's just so uncommon and obscure that it's unlikely to be found.

It is bad design to have the security of the phone resting on the phone app. The way it should work is another very simple and limited app should be responsible for placing emergency calls from the locked screen. That might seem redundant but the idea is that the OS prevents access to any other application while the phone is locked. The code to place emergency calls is so simple and isolated that it would be impossible to branch out from it to anywhere else in the phone. Using the main phone app for emergency calls means that the phone's security now rests in two places, the OS and the phone app, not only making security testing twice as hard, but also putting security issues on a team whose primary focus is not security.
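
The design argument in the comment above, modelled as an added example (not part of the original thread and not Apple's code; all class and capability names are hypothetical). It contrasts reusing the full Phone app on the lock screen, where an app-internal flag is the only barrier, with a minimal emergency dialer that the OS layer refuses data access to while the device is locked.

```python
# Illustrative model only: names are hypothetical, not iOS internals.
EMERGENCY_NUMBERS = {"911", "112", "999"}  # constructed sample set


class Device:
    """OS layer: owns the lock state and mediates every data access."""

    def __init__(self):
        self.locked = True
        self.contacts = ["Alice", "Bob"]  # constructed sample data

    def read_contacts(self, app):
        # The OS checks its own lock state and the caller's declared
        # capabilities; it never consults app-internal flags.
        if self.locked and "contacts" not in app.locked_capabilities:
            raise PermissionError("contacts unavailable while locked")
        return list(self.contacts)


class FullPhoneApp:
    """Design A: the full Phone app is reused on the lock screen."""
    # Same app as the unlocked one, so it carries the contacts capability.
    locked_capabilities = {"dial", "contacts"}

    def __init__(self, device):
        self.device = device
        self.emergency_only = True  # app-level flag is the only barrier

    def show_contacts(self):
        if self.emergency_only:
            raise PermissionError("emergency mode")
        return self.device.read_contacts(self)


class EmergencyDialer:
    """Design B: a minimal app that can dial emergency numbers only."""
    locked_capabilities = {"dial"}

    def __init__(self, device):
        self.device = device

    def call(self, number):
        if number not in EMERGENCY_NUMBERS:
            raise ValueError("not an emergency number")
        return f"dialing {number}"

    def show_contacts(self):
        # Even if a bug reached this path, the OS check still refuses.
        return self.device.read_contacts(self)
```

In design A, any state bug that clears `emergency_only` exposes the address book; in design B the same class of bug still ends in a `PermissionError` raised by the OS layer.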

Ridlas said,

He clearly locked the phone in the wrong way. Should ask Steve how to properly lock the phone.

Overused. Used to be funny, but not anymore. Wait a year or two

smooth_criminal1990 said,

They just seem to be taking more of a Leeroy Jenkins approach for whatever reason

At least I have chicken.