Aug 31, 2008

iPhone 3G passcode lock security problem still exists

Oh, good grief, Apple. After all the blathering about how the iPhone 3G needed to be locked down tighter than a horse fly’s hoo-ha for ’security reasons’, it seems that there is a big yawning hole in the new phone’s password locking mechanism.

By pressing ‘emergency call’ and double-tapping the Home button, all contacts in the favourites list can be displayed. From there, you have full access to contact details (phone numbers, email, etc.) and if any of the contacts contain a URL you can use it to launch Safari with full acceszs to saved passwords and cookies, etc.

Apple actually fixed this issue back in January, but only in the 1.x firmware - 2.x devices are still vulnerable. There is a simple workaround - just change “Settings->General->Home Button” to “Home”- but that will be small comfort to anyone who has had their device compromised already. Source...

No comments: