A rather large security flaw was discovered in iPhone 2.x software yesterday. The flaw will leave your data open to prying eyes even if you have enabled password protection. To reproduce the flaw try these steps:
- Lock your phone so it requires a password to use
- Slide to unlock, then hit the Emergency Call button
- Double tap your home button
- Click the blue arrow by a contact with an email address and click the email address
- You’ll be taken to a blank email; hit cancel
- Now you have access to all email accounts on your iPhone
- You can do the same trick for text messages and Safari if you have a URL in a contact
Obviously this is a huge flaw if you have sensitive data on your iPhone. The flaw only occurs if you have your Home Button set to Phone Favorites. Apple has not released a fix, but you can change the Home Button function to another action and the flaw will no longer work on your phone. Just follow these steps to change the Home Button function:
- Open Settings
- Click General then Home Button
- Change the setting to anything but Phone Favorites. I prefer Home since even setting it to iPod will allow access to your music.
Gizmodo has a video of the flaw in action. Lets hope Apple fixes this flaw in the next software update. I wonder if this will affect any businesses who are considering the iPhone as a BlackBerry or Windows Mobile alternative? If I was an IT manager, this would seriously worry me about Apple’s commitment to security on the iPhone.
[Via TUAW]
Popularity: 18% [?]
Sphere: Related Content
Recent Comments