14 DAY TRIAL // A rather serious flaw has been discovered in Apple’s mobile operating system powering iPhones, according to a report by Engadget which claims that anyone with physical access to another person’s iPhone can bypass the passcode entry screen and glance at their call history, voicemail, address book, and even photos.
Via the iOS Settings menu, iPhone users can opt to set a password lock on their device, which iOS displays right after the “slide-to-unlock” screen as the person holding the phone attempts to gain access to its contents.
Engadget reports that the system is flawed, in that whoever grabs the phone and attempts to make an emergency call - which overrides the passcode lock - can then hit the lock button and end up in the Phone application.
From there, the presumed unauthorized user is granted access to the call history, voicemail, and address book, the site reports.
However, these three areas are not the only ones accessible via this method. For example, selecting to share a contact, or trying to edit a contact’s information, will also give the unauthorized user access to the photo album.
Moreover, by holding down the home button, which activates voice control, this person can also access locally-stored audio files.
The bug has been confirmed as present in both iOS 4.1, and iOS 4.2 betas.
The final, public release of iOS 4.2 is scheduled for November, with no exact launch date being set. As such, Apple has more than enough time to close this hole, and, perhaps many others.
Softpedia has verified the method and can confirm it’s 100% usable to gain unauthorized access to an iPhone’s contents.
A video demonstration on how someone can take advantage of this vulnerability is embedded below.
Needless to point out, those who trust their iPhones with their most intimate secrets should avoid leaving the device unattended when others are around.