Massive iPhone Security Flaw Exposes All Private Data

August 27, 2008 – 10:49 AM

You’re a smart, safety-conscious iPhone user, right? You keep the phone set to require a 4-digit passcode every time it wakes up, so if you ever lose your baby, all your personal information is safe. But if you are running v2.0.2 of the iPhone operating system, you might as well not bother. A simple hack will get anybody past your PIN code with free access to all your mail, contacts and bookmarks. Ouch!

Acting on a tip from the Mac Rumors forums, Gizmodo’s Jesus Diaz whipped up a video of the exploit in action, a ridiculously easy two-step process:

1. Tap emergency call.

2. Double tap the home button.

This drops you into the iPhone’s “favorites” section. From here you can make calls or send email, and with a few steps you can browse to the Address Book and then on to Mail, Safari or the SMS application. Jesus gives us a workaround (set the home button’s double-tap to something else, either “Home” or “iPod”, and you’re safe) but this is exactly the sort of thing Apple doesn’t want to happen. It hardly inspires credibility for the iPhone as a secure business device.

We expect it’ll be fixed in v2.1, or maybe Apple will roll out a 2.0.3 update to fix it. Until then, we can add it to the long list of Apple’s iPhone 3G embarrassments.

