Register FAQ / Rules Forum Spy Search Today's Posts Mark Forums Read
Go Back   MacRumors Forums > iPhone, iPod and iPad > iPhone

Reply
 
Thread Tools Search this Thread Display Modes
Old Aug 26, 2008, 11:32 PM   #26
aristotle
macrumors 68000
 
Join Date: Mar 2007
Location: Canada
Holy crap, I don't give a crap because I don't lock my iPhone since I usually keep it on my person.

It's the same thing with you laptop, as soon as someone has physical access to it, you are screwed anyway.
aristotle is offline   0 Reply With Quote
Old Aug 26, 2008, 11:39 PM   #27
Cynicalone
macrumors 68040
 
Cynicalone's Avatar
 
Join Date: Jul 2008
Location: Okie land
You can really dig into the phone with this, I followed the steps above first then did some exploring. I clicked on a contact in favorites, then clicked on the sms button. Once in sms I backed out of their text log and had access to all my text's. I picked a text I knew had a link in it, that got me to my Safari app. I could surf anywhere I wanted. I picked a contact with an address and had access to Maps and GPS. An email address get's you into mail. I'm sure there is more. Damn talk about dropping the ball.
Cynicalone is offline   0 Reply With Quote
Old Aug 26, 2008, 11:41 PM   #28
sr5878
macrumors 6502a
 
Join Date: Jun 2007
i had this same issue in 1.1.4... i posted on the boards about it....
sr5878 is offline   0 Reply With Quote
Old Aug 27, 2008, 01:15 AM   #29
Phil A.
macrumors 68040
 
Phil A.'s Avatar
 
Join Date: Apr 2006
Location: Telford, UK
That's a great find by the OP, and a big hole left there by Apple!
__________________
Tell a man there are 300 billion stars in the universe and he'll believe you. Tell him a bench has wet paint on it and he'll have to touch it to be sure. ~Murphy's Law
Phil A. is online now   0 Reply With Quote
Old Aug 27, 2008, 02:12 AM   #30
daneoni
macrumors G4
 
daneoni's Avatar
 
Join Date: Mar 2006
That is a big gaping hole, props to the OP for discovering this. I'm not too sure enterprise customers will be happy about this...even average consumers. Full access to a phone thats meant to be secured?
daneoni is offline   0 Reply With Quote
Old Aug 27, 2008, 02:18 AM   #31
macwall
macrumors 6502
 
Join Date: Nov 2007
Location: Cupertino, CA
wow... i hope they patch this soon.
macwall is offline   0 Reply With Quote
Old Aug 27, 2008, 04:02 AM   #32
luigi408
macrumors regular
 
Join Date: Jun 2008
This is already in the front page of gizmodo.com good job in finding it... I hope they fix it soon!!!
luigi408 is offline   0 Reply With Quote
Old Aug 27, 2008, 04:36 AM   #33
SirCrumpet
macrumors regular
 
Join Date: Jun 2007
Location: Brisbane, Australia
Send a message via MSN to SirCrumpet
Quote:
Originally Posted by marksman View Post
I tried this and all my iPhone did is say:

"Would you like to play a game?"
Hmmm... A strange game. The only winning move is not to play. How about a nice game of chess?
__________________
15.4" 2.8GHz Late 2008 MacBook Pro | iPhone 3G (16GB Black) | Apple TV (40GB)
Last.fm | Twitter
SirCrumpet is offline   0 Reply With Quote
Old Aug 27, 2008, 05:20 AM   #34
tucker101uk
macrumors member
 
Join Date: Jul 2008
Location: Sussex, UK
wow! Just tried this in my 2.0 and it does the same thing... Come on apple!?!!
tucker101uk is offline   0 Reply With Quote
Old Aug 27, 2008, 06:14 AM   #35
Mr. Brown
macrumors member
 
Join Date: Jan 2008
That's bad news. Hope they fix it soon.
Mr. Brown is offline   0 Reply With Quote
Old Aug 27, 2008, 07:17 AM   #36
BergerFan
macrumors 68000
 
BergerFan's Avatar
 
Join Date: Mar 2008
Location: London, UK.
Quote:
Originally Posted by SirCrumpet View Post
Hmmm... A strange game. The only winning move is not to play. How about a nice game of chess?
Thermonuclear war sounds a tad more exciting.
__________________
iPhone 5s: (32GB Space Grey) - iPad Air: (32GB Wi-Fi Space Grey)
Retina MacBook Pro(2012): (2.7GHz i7 - 16GB RAM - 512GB SSD)
BergerFan is offline   0 Reply With Quote
Old Aug 27, 2008, 07:34 AM   #37
eduweb
macrumors newbie
 
Join Date: Aug 2008
Post About security

While we're on the subject of security, has anyone tried accessing the phone data as follows:

- connect phone (while locked) to a new computer and iTunes
- backup iPhone

If iTunes allows to sync the iPhone with the computer without requiring the passcode to unlock the phone, then ALL the data on the phone is backed up to the computer and can easily be accessed by anyone using the computer.

Not in a position to try this out myself, but I think it just might work... iPhone never asks me for the passcode when I connect it to the computer.
eduweb is offline   0 Reply With Quote
Old Aug 27, 2008, 07:38 AM   #38
greenmymac
Thread Starter
Banned
 
Join Date: Oct 2007
Location: Tulsa, Ok
Send a message via ICQ to greenmymac Send a message via AIM to greenmymac Send a message via MSN to greenmymac Send a message via Yahoo to greenmymac Send a message via Skype™ to greenmymac
I have sent it off to Apple Feedback, Apple iTunes Support, Apple Mobile Me Support, TUAW, Someone at Apple is bound to see this!

Last edited by Doctor Q; Aug 28, 2008 at 08:32 PM. Reason: remove quote of removed post
greenmymac is offline   0 Reply With Quote
Old Aug 27, 2008, 07:39 AM   #39
Pooshka
macrumors 65816
 
Join Date: Jun 2008
This "Major Security Flaw" has been there since 1.0

And no one detected it until now???

WOW
Pooshka is offline   0 Reply With Quote
Old Aug 27, 2008, 07:41 AM   #40
greenmymac
Thread Starter
Banned
 
Join Date: Oct 2007
Location: Tulsa, Ok
Send a message via ICQ to greenmymac Send a message via AIM to greenmymac Send a message via MSN to greenmymac Send a message via Yahoo to greenmymac Send a message via Skype™ to greenmymac
Quote:
Originally Posted by eduweb View Post
While we're on the subject of security, has anyone tried accessing the phone data as follows:

- connect phone (while locked) to a new computer and iTunes
- backup iPhone

If iTunes allows to sync the iPhone with the computer without requiring the passcode to unlock the phone, then ALL the data on the phone is backed up to the computer and can easily be accessed by anyone using the computer.

Not in a position to try this out myself, but I think it just might work... iPhone never asks me for the passcode when I connect it to the computer.
I think all the backup info is encrypted!

Quote:
Originally Posted by Pooshka View Post
This "Major Security Flaw" has been there since 1.0

And no one detected it until now???

WOW
1.0 didn't have the double tap home button option

Last edited by Doctor Q; Aug 28, 2008 at 08:32 PM. Reason: post merge
greenmymac is offline   0 Reply With Quote
Old Aug 27, 2008, 07:43 AM   #41
Mobile923
macrumors 6502
 
Join Date: Sep 2007
Location: New York, NY
So...

A stranger can have access to the phone app and safari.

... the only two applications that we're all having problems with.

yawn
Mobile923 is offline   0 Reply With Quote
Old Aug 27, 2008, 07:45 AM   #42
greenmymac
Thread Starter
Banned
 
Join Date: Oct 2007
Location: Tulsa, Ok
Send a message via ICQ to greenmymac Send a message via AIM to greenmymac Send a message via MSN to greenmymac Send a message via Yahoo to greenmymac Send a message via Skype™ to greenmymac
Quote:
Originally Posted by Mobile923 View Post
So...

A stranger can have access to the phone app and safari.

... the only two applications that we're all having problems with.

yawn
No they have access to Safari, iPhone app, Contacts, Email, pretty serious to me
greenmymac is offline   0 Reply With Quote
Old Aug 27, 2008, 07:46 AM   #43
SolRayz
macrumors 6502a
 
SolRayz's Avatar
 
Join Date: Jul 2007
Location: Ft. Lauderdale
Send a message via AIM to SolRayz
I have Exchange setup on my iphone which forces you to set a passcode and I can verify that there is no security hole.
__________________
15" Unibody 2.8GHz, 4GB, 500GB Momentus XT
13" Blackbook 2.4GHz, 4GB, 250GB HD
"My goal is simply to try to make products that really are meaningful to people." Jonathan Ive
SolRayz is offline   0 Reply With Quote
Old Aug 27, 2008, 07:46 AM   #44
Pooshka
macrumors 65816
 
Join Date: Jun 2008
Quote:
Originally Posted by greenmymac View Post
1.0 didn't have the double tap home button option
OK, let me re-phrase myself: it's been there since the "Home Button Double-clicking" option

Anyway WOW
Pooshka is offline   0 Reply With Quote
Old Aug 27, 2008, 07:49 AM   #45
eduweb
macrumors newbie
 
Join Date: Aug 2008
Quote:
Originally Posted by greenmymac View Post
I think all the backup info is encrypted!
If it is encrypted, then that's a new feature in 2.0 or iTunes 7 since back when I was in 1.1.3, I could easily access my SMS and calendar from the SQLITE databases that are backed up on my computer. Of course, it takes some time trying to guess which file is which database, but once that trivial task is done, it's very easy to see the data.

Don't have time to check this now, but I still doubt it's encrypted in any way.
eduweb is offline   0 Reply With Quote
Old Aug 27, 2008, 07:50 AM   #46
greenmymac
Thread Starter
Banned
 
Join Date: Oct 2007
Location: Tulsa, Ok
Send a message via ICQ to greenmymac Send a message via AIM to greenmymac Send a message via MSN to greenmymac Send a message via Yahoo to greenmymac Send a message via Skype™ to greenmymac
Quote:
Originally Posted by eduweb View Post
If it is encrypted, then that's a new feature in 2.0 or iTunes 7 since back when I was in 1.1.3, I coulc easily access my SMS and calendar from the SQLITE databases that are backup up on my computer. Of course, it takes some time trying to guess which file is which database, but once that trivial task is done, it's very easy to see the data.

Don't have time to check this now, but I still doubt it's encrypted in any way.
I wonder what Apple's problem is... Steve jobs has to be sick cause normally this **** would not fly

Last edited by Doctor Q; Aug 28, 2008 at 08:33 PM. Reason: language
greenmymac is offline   0 Reply With Quote
Old Aug 27, 2008, 07:51 AM   #47
vrflyer
macrumors 6502
 
Join Date: Jul 2008
Quote:
Originally Posted by Phil A. View Post
That's a great find by the OP, and a big hole left there by Apple!
Uh, doesn't the apple logo have a hole for a reason?
vrflyer is offline   0 Reply With Quote
Old Aug 27, 2008, 07:53 AM   #48
greenmymac
Thread Starter
Banned
 
Join Date: Oct 2007
Location: Tulsa, Ok
Send a message via ICQ to greenmymac Send a message via AIM to greenmymac Send a message via MSN to greenmymac Send a message via Yahoo to greenmymac Send a message via Skype™ to greenmymac
Quote:
Originally Posted by vrflyer View Post
Uh, doesn't the apple logo have a hole for a reason?
I also wonder how get Macrumors to front page this!
greenmymac is offline   0 Reply With Quote
Old Aug 27, 2008, 07:53 AM   #49
JML42691
macrumors 68020
 
JML42691's Avatar
 
Join Date: Oct 2007
Macworld has an article about this now, referencing this thread as to pointing it out:

Macworld Link


And as it states in their article, an Apple spokesperson in London had no knowledge of this flaw, so this very well might be the first that they have heard of it, if so, expect this to be fixed in 2.1, or maybe an unplanned release of 2.0.3 directed only at this problem.
JML42691 is offline   0 Reply With Quote
Old Aug 27, 2008, 08:02 AM   #50
mcdj
macrumors 603
 
mcdj's Avatar
 
Join Date: Jul 2007
Location: NYC
Wirelessly posted (iPhone: Mozilla/5.0 (iPhone; U; CPU iPhone OS 2_0_2 like Mac OS X; en-us) AppleWebKit/525.18.1 (KHTML, like Gecko) Version/3.1.1 Mobile/5C1 Safari/525.20)

Pretty ironic, considering all the hoops developers have to jump through to stay within Apple's SDK boundaries, insuring nothing they do compromises the phone. Apple obviously doesn't need any help from devs; the iPhone is perfectly capable of compromising itself.
__________________
Great cage! No bird...
50f/2

Last edited by mcdj; Aug 27, 2008 at 08:12 AM.
mcdj is offline   0 Reply With Quote

Reply
MacRumors Forums > iPhone, iPod and iPad > iPhone

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
thread Thread Starter Forum Replies Last Post
Safari & pop up blocking? Major security flaw? Magrathea Mac Basics and Help 1 Jul 25, 2013 10:01 AM
Email bug in 2.0.2? pavvento iPhone 9 Aug 19, 2008 01:45 PM


All times are GMT -5. The time now is 05:01 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC