Huge iPhone Security Flaw Puts All Private Information at Risk

Illustration for article titled Huge iPhone Security Flaw Puts All Private Information at Risk

There's a huge security problem in the latest iPhone 2.0.2: if you have your JesusPhone password protected, using a very simple trick gives anyone full access to your cellphone private information in Mail, SMS, Contacts, and even Safari.


The two-step trick is even simpler to the one used in the past to gain access to the phone to install unlocking cards or jailbreak. Fortunately, there's a way to avoid this obvious security breach until Apple fixes it.

First, password protect your phone and lock it.

Then slide to unlock and do this:

1. Tap emergency call.

2. Double tap the home button. Done.

You are now in your favorites.

This seems like a feature, because you may want to have emergency number in your favorites for quick dial. The security problem here is double.

The first: anyone picking up your phone can make a call to anyone in your favorites. On top of that, this also opens access to your full Address Book, the dial keypad, and your voice mail.

If that wasn't bad enough, the second one is even worse: if you tap on the blue arrows next to the names, it will give you full access to the private information in a favorite entry.


And it goes downhill from there:

• If you click in a mail address, it will give you full access to the Mail application. All your mail will be exposed.


• If there's a URL in your contact (or in a mail message) you can click on it and have full access to Safari.

• If you click on send text message in a contact, it will give you full access to all your SMS. Hopefully, this major security break that fully exposes your most private information will be solved as soon as possible.


Until then, you can avoid any potential breach doing the following:

1. In the iPhone home, go to Settings.

2. Click on General.

3. Click on Home Button.

4. Click on either "Home" or "iPod".

This way, the double-click on the home button will take the user back to the unlock screen (if you use "Home") or the iPod screen. I recommend using Home.


You will lose the ability to quickly access your favorites for a quick call-which is one of my favorite features-but that's better than having all your private mails, contacts, and SMS database compromised.

UPDATE: Evidently Apple has a fix coming in their next firmware update, but we've got no word on when that release is planned. [Tip from Mac Rumors forums member]




I just tried this with my iphone - and I have to say, it seems like an oversight. Why do I say that? Well, when the favorites list comes up, it's missing the bottom border - and we all know how much Apple loves their styling. I was thinking "Meh, not a big deal", until I realized how easy it was to access my email, which, while not super top secret, it is still corporate info. This needs to be fixed, and fast.

That being said, in response to other peoples saying that if MS did something like this there would be a bigger outcry, you are probably right. Because MS has a well established history of thinking about security second. They have a pattern of ineptness when it comes to security, and their failing impact hundreds of millions of people. Apple slips up once in a while, so people are less inclined to view it as some horrible thing versus something that will be fixed quickly. (Same with google et. al., they have a culture of security - or at least a perception of one to the masses)