Major iPhone 2.0.2. firmware vulnerability gives total access even on password protected forms. Worse: dead simple.


Word’s come out of a truly hideous iPhone Firmware 2.0.2 bug that allows anyone who picks up your phone full access to your data… even if it’s password protected.

Here’s how it’s done. Access is gained through the “Emergency Call” option on the password entry screen. Now hit the Home button twice. You’re now at the favorites screen. Hit a blue arrow next to a contact’s name. Want access to email? Make as if to email them, then email someone else. Want to use Safari? Go to a contact’s web site, then just browse as normal. Easy. And totally stupid.

If you want to secure your iPhone before the obviously forthcoming point release fix, just assign your home button to something besides “Phone Favorites.”

But jeez, Apple. Another fuck up? This will not go over well with your business users. You’ve spread yourself way too thin.

Major Security Flaw in 2.0.2. [Mac Rumors via Cult of Mac]


6 Responses to Major iPhone 2.0.2. firmware vulnerability gives total access even on password protected forms. Worse: dead simple.

  1. 33degrees says:

    Depends what you have your home button double-click set to… mine’s set to go to the iPod, so this isn’t an issue for me at all.

  2. claud9999 says:

    Ok, all those who actually use the screen lock on their phone (brand doesn’t matter) raise your hand. Me, I just keep the ethereal silver thread between myself and my phone short…Bonus nerd points for understanding that reference.

    I’ve tried using screen locks on multiple phones and always find the huge inconvenience far outweighing the possible impact the loss of my phone would cause.

    (And I lock up my truly private data using “LockBox”. Sure, my e-mail would be annoying to have someone else peruse, but a simple p/w change and they can no longer get new e-mails…)

  3. Alan says:

    Hey, it’s a screw up, but it’s easy to fix. Besides, you couldn’t even lock my old phone, so it was always open to anyone.

  4. Doomstalk says:

    #1: A) Until it’s fixed, companies can’t reasonably tell their clients that their proprietary data is secure B) a fuck up is a fuck up, and corporate customers will be leery of a company with a poor track record C) your last point isn’t even true. The old iPhone has always had a password lock feature. The fact is, some form of this flaw has existed for nearly a year. Hell, hackers used it to jailbreak back before the TIFF exploit was fixed.

  5. Alan says:

    Doomstalk: I said “my old phone”, not iPhone. My point was there are plenty of devices out there that don’t even offer a modicum of this level of security, broken or not.

    I’m with Claud9999; just don’t put that much on there to begin with.

  6. Halloween Jack says:

    In other news, leaving any sort of computing-style thingy that has secure info on it on the default settings is asking for it. No film at 11.


This work is licensed under a Creative Commons License permitting non-commercial sharing with attribution. Boing Boing is a trademark of Happy Mutants LLC in the United States and other countries.
