A problem fixed in v1.1.3 of Apple’s iPhone software has resurfaced, apparently in version 2.0.2, according to several forum posts on the MacRumors Web site. The flaw, as explained, gives almost full access to the iPhone, even while under password protection.
The iPhone sees a flaw from the past return for a visit. (IMG:J.Anderson)
The flaw requires just two steps to compromise the device:
After the phone has been locked, launch the emergency call feature. Then, once the emergency call button is displayed, tap the home button twice to launch the favorites. Depending on what has been marked as a favorite, you could then have access to e-mail, contacts, Web browsing and more.
That is the trick: if sensitive information or access is made available, it is only because the user has marked it as a favorite. Since ease of use is the whole reason behind most of the iPhone’s features, simply telling people not to use the favorites option is hardly a mitigation.
The vulnerability has been known for some time, as far back as the first-generation iPhone. In fact, this was how the early jail-breakers unlocked Apple's iconic device.
Thus, the reason it was fixed in iPhone update 1.1.3 was to prevent one method of unlocking the device. The new resurgence of the trick is not a huge security risk; it is more likely an example of firmware evolution. If the fix appeared in 1.1.3, how, then, did it go missing in 2.0.2? The only thing that stands out to some development experts is a serious change in firmware design or a poor QA process.
While some have come out in the press and online attacking the security of the iPhone, the fact is this is not a security issue. Even when it was patched the first time, it was not a major security problem.
However, it is a privacy protection issue, and one that was fixed previously. While iPhone owners are due an explanation as to why the problem reoccurred, the reality is they will not get one. Like before, the issue will be fixed in a future firmware update and that is all customers should expect to receive.
There is one “fix,” offered by Macduke in the forum post, which states:
“...disable double tapping of home button in Settings > General > Home Button > Checkmark Home and it will kick it back out of the emergency call screen when they double tap. If you don't care about someone listening to your iTunes library, then just select iPod instead or you can leave this setting alone if it's already set, which it was on my iPhone originally.”