iPhone Passcode Flaw Already Addressed for Future Firmware Update?

MacRumors · 12:54 PM

Gizmodo publicizes a security flaw that was publicly posted last night to MacRumors' Discussion Forum. The vulnerability allows individuals to easily bypass the built-in passcode protection offered by Apple to lock your iPhone.

The workaround allows unauthorized individuals access to the iPhone's Safari, Contacts list, SMS, Maps, and Mail.

MacRumors has been told that this security flaw was already reported to Apple earlier this month and has been acknowledged as an issue. A fix will presumably be included in a future firmware update.

Update: A simple fix is available in the meanwhile. Users should set their "Home Button" double-click preference to "Home" or "iPod" rather than the default "iPhone Favorites".

Article Link

thecartoonguy · Aug 27, 2008, 12:21 PM

Let's hope sooner than later

Mindflux · Aug 27, 2008, 12:22 PM

Quote:

Originally Posted by thecartoonguy

Let's hope sooner than later

Why? For all those 'h4x0rs' you let use your phone?

arian19 · Aug 27, 2008, 12:22 PM

who hacked my iphone?

mogzieee · Aug 27, 2008, 12:23 PM

Sounds like someone at Apple reads Mac Rumors Discussions and Gizmodo...

Mykbibby · Aug 27, 2008, 12:24 PM

Not a big deal in my eyes... If some hacker gets your phone, believe me, a passcode isn't stopping them.

Beric · Aug 27, 2008, 12:25 PM

Quote:

Originally Posted by mogzieee

Sounds like someone at Apple reads Mac Rumors Discussions...

I believe a ton of Apple employees do. We get heard, believe it or not. That's why Arn gets all of the CAD letters on removing leaked photos.

twoodcc · Aug 27, 2008, 12:26 PM

well i'm glad to see that Apple is already working on this. hopefully they'll fix it soon

Masquerade · Aug 27, 2008, 12:27 PM

OMG and these guys are working in server-OSses :X

dvkid · Aug 27, 2008, 12:27 PM

Huge iPhone Security Flaw Puts All Private Information at Risk

Really? Because I don't have a pass-code on my iPhone at the moment. Just don't let random folks use your phone?

Gotta love the AOL bloggers and their TimeWarner craziness.

Niiro13 · Aug 27, 2008, 12:28 PM

Quote:

Originally Posted by mogzieee

Sounds like someone at Apple reads Mac Rumors Discussions and Gizmodo...

Quote:

Originally Posted by Beric

I believe a ton of Apple employees do. We get heard, believe it or not. That's why Arn gets all of the CAD letters on removing leaked photos.

Yup...they're just not allowed to post, right? I thought I read that somewhere on this forum.

Anyway, if this passcode was already being addressed, wouldn't it have come out? Is it not a simple override of the double tapping of the home button when on the passcode screen?

aardwolf · Aug 27, 2008, 12:31 PM

I don't even lock my phone... And if I did, I've read that setting your double-click home action to actually go to the home page will prevent this exploit from working.

Clayne · Aug 27, 2008, 12:31 PM

Quote:

Originally Posted by Niiro13

Yup...they're just not allowed to post, right?

Probably. I bet they're reading this right now, laughing.

And I bet they get a lot of laughs watching us try and guess what's coming out, including all the bizarre things we think of.

gcmexico · Aug 27, 2008, 12:34 PM

I just tried it...yep security flaw...thanks macrumors

m4c1nt05h · Aug 27, 2008, 12:37 PM

"iPhone users who want to guard against this flaw have a really simple solution - in (Settings) General access the Home Button Settings, and switch double-clicking from 'Phone Favorites' (default) to iPod. " - taken from 9to5mac.com

why didn't macrumors post this?

pavvento · Aug 27, 2008, 12:38 PM

Quote:

Originally Posted by dvkid

Huge iPhone Security Flaw Puts All Private Information at Risk

Really? Because I don't have a pass-code on my iPhone at the moment. Just don't let random folks use your phone?

Gotta love the AOL bloggers and their TimeWarner craziness.

I don't think the security concern is having random people use your phone. I think its for the very realistic scenario where your phone might be lost or stolen. Your company (for people on exchange) would most probably want to do a remote wipe immediately, but if someone has the phone and open access they can get to your information before it's cleared out.

For a company hoping to get its phone into the corporate world this is a HUGE oversight.

thejadedmonkey · Aug 27, 2008, 12:40 PM

Quote:

Originally Posted by MacRumors

MacRumors has been told that this security flaw was already reported to Apple earlier this month and has been acknowledged as an issue. A fix will presumably be included in a future firmware update.

Doesn't mean anything. I've submitted bugs to Apple before, and they've been acknowledged, but then thrown out as "intended behavior". I would assume they'd fix it, but still.... don't count your chickens before they hatch!

Snowcat001 · Aug 27, 2008, 12:40 PM

Quote:

Originally Posted by Beric

I believe a ton of Apple employees do. We get heard, believe it or not. That's why Arn gets all of the CAD letters on removing leaked photos.

The real question is... who on MacRumors is an Apple employe???
We should have a poll about this

: Who do you think, on this forum, is an apple employe?

mBox · Aug 27, 2008, 12:41 PM

Quote:

Originally Posted by m4c1nt05h

"iPhone users who want to guard against this flaw have a really simple solution - in (Settings) General access the Home Button Settings, and switch double-clicking from 'Phone Favorites' (default) to iPod. " - taken from 9to5mac.com

why didn't macrumors post this?

Funny thing is I did this weeks ago not knowing about the flaw

AnthonyKinyon · Aug 27, 2008, 12:47 PM

Does this affect iPod Touch at all? I wouldn't think so given that it's not a phone.

towlieban · Aug 27, 2008, 12:50 PM

I've got news for you guys. Last week, I set a passcode and forgot it. Since my phone is jailbroken (I'm on 2.0.1) and has ssh installed, I did some research and found 2 things that need to be changed to completely disable the passcode and it's surprisingly easy. If anyone wants these instructions then let me know

jtshaw · Aug 27, 2008, 12:51 PM

Quote:

Originally Posted by pavvento

I don't think the security concern is having random people use your phone. I think its for the very realistic scenario where your phone might be lost or stolen. Your company (for people on exchange) would most probably want to do a remote wipe immediately, but if someone has the phone and open access they can get to your information before it's cleared out.

For a company hoping to get its phone into the corporate world this is a HUGE oversight.

For what its worth... if you connect to exchange with your iPhone and you lose it you should probably go ahead and change your exchange password asap...

Of course, then you might have to deal with the annoyance of some guy locking your corp. account because he keeps trying to mess with your work e-mail but fails password auth, but it is better then having sensitive data leaked.

Matthew Yohe · Aug 27, 2008, 12:51 PM

Quote:

Originally Posted by towlieban

I've got news for you guys. Last week, I set a passcode and forgot it. Since my phone is jailbroken (I'm on 2.0.1) and has ssh installed, I did some research and found 2 things that need to be changed to completely disable the passcode and it's surprisingly easy. If anyone wants these instructions then let me know

product-security@apple.com

dagamer34 · Aug 27, 2008, 12:52 PM

It's not a security flaw if it depends on a user's stupidity, FYI

Sijmen · Aug 27, 2008, 01:03 PM

Quote:

Originally Posted by dagamer34

It's not a security flaw if it depends on a user's stupidity, FYI

Uh, what? What's so stupid about setting a passcode and leaving the other settings at their defaults?

Aug 27, 2008, 12:19 PM	#1
MacRumors macrumors bot Join Date: Apr 2001	iPhone Passcode Flaw Already Addressed for Future Firmware Update? Gizmodo publicizes a security flaw that was publicly posted last night to MacRumors' Discussion Forum. The vulnerability allows individuals to easily bypass the built-in passcode protection offered by Apple to lock your iPhone. The workaround allows unauthorized individuals access to the iPhone's Safari, Contacts list, SMS, Maps, and Mail. MacRumors has been told that this security flaw was already reported to Apple earlier this month and has been acknowledged as an issue. A fix will presumably be included in a future firmware update. Update: A simple fix is available in the meanwhile. Users should set their "Home Button" double-click preference to "Home" or "iPod" rather than the default "iPhone Favorites". Article Link Last edited by arn : Aug 27, 2008 at 12:54 PM.

Aug 27, 2008, 12:21 PM	#2
thecartoonguy macrumors 6502 Join Date: Jun 2008	Let's hope sooner than later __________________ Windows users laugh at my Apple but I continue to use MY APPLE while you're removing viruses, spyware or reformatting your drive.... Oh and there's this too- http://tinyurl.com/lunlf7

Aug 27, 2008, 12:23 PM	#5
mogzieee macrumors 6502a Join Date: Feb 2008 Location: Oxford, UK.	Sounds like someone at Apple reads Mac Rumors Discussions and Gizmodo... __________________ 15" MacBook Pro 2.4GHz, 8GB iPod touch, 1GB iPod shuffle, MobileMe. website. blog. twitter.

Aug 27, 2008, 12:24 PM	#6
Mykbibby macrumors 6502 Join Date: Jun 2007 Location: Palm Springs, CA	Not a big deal in my eyes... If some hacker gets your phone, believe me, a passcode isn't stopping them. __________________ Mac Soda: Quenching Your Thirst for Everything Apple

Aug 27, 2008, 12:26 PM	#8
twoodcc macrumors 603 Join Date: Feb 2005 Location: Right side of wrong	well i'm glad to see that Apple is already working on this. hopefully they'll fix it soon __________________ tville pump Smarter than the average bear

Aug 27, 2008, 12:22 PM	#4
arian19 macrumors member Join Date: Jul 2008	who hacked my iphone?

Aug 27, 2008, 12:27 PM	#9
Masquerade macrumors 6502a Join Date: May 2007	OMG and these guys are working in server-OSses :X

Aug 27, 2008, 12:27 PM	#10
dvkid macrumors regular Join Date: Feb 2006	Sensationalism much? Huge iPhone Security Flaw Puts All Private Information at Risk Really? Because I don't have a pass-code on my iPhone at the moment. Just don't let random folks use your phone? Gotta love the AOL bloggers and their TimeWarner craziness.

Aug 27, 2008, 12:31 PM	#12
aardwolf macrumors member Join Date: May 2007	Doesn't affect me. I don't even lock my phone... And if I did, I've read that setting your double-click home action to actually go to the home page will prevent this exploit from working.

Aug 27, 2008, 12:34 PM	#14
gcmexico macrumors 6502a Join Date: Dec 2007 Location: New York City	I just tried it...yep security flaw...thanks macrumors __________________ PB G3, Imac G4, Imac G5, MacMini Media Center, MBA, TV, 3gS Iphone, 4th gen Nano, Drobo

Aug 27, 2008, 12:37 PM	#15
m4c1nt05h macrumors newbie Join Date: Jun 2007	here's the work-around "iPhone users who want to guard against this flaw have a really simple solution - in (Settings) General access the Home Button Settings, and switch double-clicking from 'Phone Favorites' (default) to iPod. " - taken from 9to5mac.com why didn't macrumors post this?

Aug 27, 2008, 12:47 PM	#20
AnthonyKinyon macrumors regular Join Date: Apr 2006	Does this affect iPod Touch at all? I wouldn't think so given that it's not a phone.

Aug 27, 2008, 12:50 PM	#21
towlieban macrumors newbie Join Date: Sep 2007	passcode lock I've got news for you guys. Last week, I set a passcode and forgot it. Since my phone is jailbroken (I'm on 2.0.1) and has ssh installed, I did some research and found 2 things that need to be changed to completely disable the passcode and it's surprisingly easy. If anyone wants these instructions then let me know

Aug 27, 2008, 12:52 PM	#24
dagamer34 macrumors regular Join Date: May 2007	It's not a security flaw if it depends on a user's stupidity, FYI

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode