14 DAY TRIAL // Programmer Karl Kraft's 12-year-old son discovered what can be considered a security issue with the iPhone OS. According to the programmer, the iPhone poses the risk of displaying text messages while in emergency call mode.
“My twelve year old son brought to my attention a security bug he discovered on his iPhone,” says Kraft. “He has an even more paranoid security mind than I do, because he primarily uses his iPhone to send and receive sweet nothings between himself and his girlfriend, and he is certain that his mother and I are desperate to intercept these messages. Being security conscious he turned on the passcode lock and disabled SMS Preview.”
Kraft offers the first screenshot below as an example for that. According to the code-savvy father, “this enables a mandatory passcode.” A generic message of “New Text Message” appears, if a message is received during the passcode entry or while the screen is locked. This is done to prevent viewing messages while the phone is in locked state. Screens #2 and #3 below are offered as examples.
Lastly, one's ability to place the phone in emergency mode and wait 30 seconds for the next text message to be displayed is proved. If the phone is placed in emergency call mode, “any incoming SMS messages are previewed instead of presented as the generic messages,” Kraft points out, posting a fourth screenshot as evidence. “Thus all I need to do to intercept the messages from his [son's] girlfriend is to place the phone in emergency mode and wait 30 seconds for the next sickly sweet message.”
The programmer confirms this is an existing flaw in the current shipping build of the iPhone OS (version 2.1, build 5F136). Kraft notes that Apple may address this bug in the next OS version, but has little faith in that. “I don’t have much hope for it being fixed soon, because my security bug 5368148 from July of 2007 is still marked as open, and still unfixed in 10.5.5,” the developer explains.
Unlike other security issues, there is no working around this bug. This means Apple is the only one who can patch it. And so the waiting begins.
iPhone Emergency Call Security Bug screenshots
Credits: Karl Kraft