Big Security Vulnerability in 3.0!

Discussion in 'iPhone' started by heron88, Jun 23, 2009.

  1. heron88 macrumors 6502

    Joined:
    Jun 16, 2008
    #1
    I dont know if this has been posted yet, I did a search and didnt see anything.

    Yesterday I was on my ipod touch enjoying the new push services with TextFree. Like we all know the ipod doesnt go to sleep when you're listening to music or if its plugged in. In my case I was listening to music. So every time a text would come in the ipod would wake from being on hold, and show me my text. Where the security flaw is is that when I click "view" on the push notification to reply to the text it takes me straight into my ipod without prompting me for my passcode. This means anyone can have unrestricted access to my ipod. I assume this would be the same on an iphone too.

    This kind of reminds me of the double-click home button issue on the iphone a while ago. Can anyone confirm this happens for you too?
     
  2. jav6454 macrumors P6

    jav6454

    Joined:
    Nov 14, 2007
    Location:
    1 Geostationary Tower Plaza
    #2
    Now this something worth talking about. Like OP this glitch, if this is one, leaves the door open for anyne to pry in. I hope they fix it in 3.0.1
     
  3. heron88 thread starter macrumors 6502

    Joined:
    Jun 16, 2008
    #3
    Yeah I really cant see how they missed this one:confused:
     
  4. doubleatheman macrumors 6502a

    doubleatheman

    Joined:
    May 27, 2009
    #4
    Yep I love how pointless my passcode is now...

    Also with voice control anyone can pick up my phone and say call 555-1234, with no restrictions at all. I passcode sometimes to prevent others from making calls on my phone. So much for that.
     
  5. jav6454 macrumors P6

    jav6454

    Joined:
    Nov 14, 2007
    Location:
    1 Geostationary Tower Plaza
    #5
    Well with 3.0 deadline I can see them forgeting or overlooking pascode permits.

    Hopefully they will fix this
     
  6. johny5 macrumors 6502a

    johny5

    Joined:
    Mar 31, 2007
    Location:
    UK
    #6
    Surely if you are listening to music then your phone isn't in fact locked down anyway?
    I know if I were listening to music and a txt came through then I would like to just click the view button to view the text as oppose to unlocking the phone?
    Was this different in the previous firmware? I didn't really notice?
     
  7. Applejuiced macrumors Westmere

    Applejuiced

    Joined:
    Apr 16, 2008
    Location:
    At the iPhone hacks section.
    #7
    I agree.
    Obviously if the phone is in use listening to music and the screen not locked I wouldnt want to keep punching in my pin on every single text that comes thru.
    Wow, majob security hole :D

     
  8. heron88 thread starter macrumors 6502

    Joined:
    Jun 16, 2008
    #8
    Same thing happens when its plugged into your computer... Whats the point of a passcode lock if anyone can just plug your ipod/phone in and get unrestricted access?
     
  9. johny5 macrumors 6502a

    johny5

    Joined:
    Mar 31, 2007
    Location:
    UK
    #9
    Try locking your phone and then plugging it in to another computer that you havent synced it to.
    It will not let you have access and will tell you that you need to unlock your phone first.
     
  10. Phil A. Moderator

    Phil A.

    Staff Member

    Joined:
    Apr 2, 2006
    Location:
    Shropshire, UK
    #10
    Wirelessly posted (iPod touch 32GB: Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16)

    You can disable voice dialling when the phone is locked.
     
  11. The General macrumors 601

    Joined:
    Jul 7, 2006

Share This Page