MacRumors

macrumors bot
Original poster
Apr 12, 2001
53,431
15,162
https://www.macrumors.com/images/macrumorsthreadlogodarkd.png

Gizmodo publicizes a security flaw that was publicly posted last night to MacRumors' Discussion Forum. The vulnerability allows individuals to easily bypass the built-in passcode protection offered by Apple to lock your iPhone.

The workaround allows unauthorized individuals access to the iPhone's Safari, Contacts list, SMS, Maps, and Mail.

MacRumors has been told that this security flaw was already reported to Apple earlier this month and has been acknowledged as an issue. A fix will presumably be included in a future firmware update.

Update: A simple fix is available in the meanwhile. Users should set their "Home Button" double-click preference to "Home" or "iPod" rather than the default "iPhone Favorites".

Article Link
 

dvkid

macrumors regular
Feb 18, 2006
166
44
Sensationalism much?

Huge iPhone Security Flaw Puts All Private Information at Risk

Really? Because I don't have a pass-code on my iPhone at the moment. Just don't let random folks use your phone?

Gotta love the AOL bloggers and their TimeWarner craziness.
 

Niiro13

macrumors 68000
Feb 12, 2008
1,719
0
Illinois
Sounds like someone at Apple reads Mac Rumors Discussions and Gizmodo...

I believe a ton of Apple employees do. We get heard, believe it or not. That's why Arn gets all of the CAD letters on removing leaked photos.

Yup...they're just not allowed to post, right? I thought I read that somewhere on this forum.


Anyway, if this passcode was already being addressed, wouldn't it have come out? Is it not a simple override of the double tapping of the home button when on the passcode screen?
 

aardwolf

macrumors 6502
May 30, 2007
371
173
Doesn't affect me.

I don't even lock my phone... And if I did, I've read that setting your double-click home action to actually go to the home page will prevent this exploit from working.
 

Clayne

macrumors 6502
Jul 5, 2008
390
0
Yup...they're just not allowed to post, right?

Probably. I bet they're reading this right now, laughing.

And I bet they get a lot of laughs watching us try and guess what's coming out, including all the bizarre things we think of.
 

m4c1nt05h

macrumors member
Jun 28, 2007
45
0
here's the work-around

"iPhone users who want to guard against this flaw have a really simple solution - in (Settings) General access the Home Button Settings, and switch double-clicking from 'Phone Favorites' (default) to iPod. " - taken from 9to5mac.com

why didn't macrumors post this?
 

pavvento

macrumors 6502
Jun 3, 2007
437
0
Huge iPhone Security Flaw Puts All Private Information at Risk

Really? Because I don't have a pass-code on my iPhone at the moment. Just don't let random folks use your phone?

Gotta love the AOL bloggers and their TimeWarner craziness.

I don't think the security concern is having random people use your phone. I think its for the very realistic scenario where your phone might be lost or stolen. Your company (for people on exchange) would most probably want to do a remote wipe immediately, but if someone has the phone and open access they can get to your information before it's cleared out.

For a company hoping to get its phone into the corporate world this is a HUGE oversight.
 

thejadedmonkey

macrumors G3
May 28, 2005
8,605
1,919
Pennsylvania
MacRumors has been told that this security flaw was already reported to Apple earlier this month and has been acknowledged as an issue. A fix will presumably be included in a future firmware update.

Doesn't mean anything. I've submitted bugs to Apple before, and they've been acknowledged, but then thrown out as "intended behavior". I would assume they'd fix it, but still.... don't count your chickens before they hatch!
 

Snowcat001

macrumors regular
Jan 19, 2008
209
0
I believe a ton of Apple employees do. We get heard, believe it or not. That's why Arn gets all of the CAD letters on removing leaked photos.

The real question is... who on MacRumors is an Apple employe???
We should have a poll about this :D:D
: Who do you think, on this forum, is an apple employe?

:)
 

mBox

macrumors 68020
Jun 26, 2002
2,318
64
"iPhone users who want to guard against this flaw have a really simple solution - in (Settings) General access the Home Button Settings, and switch double-clicking from 'Phone Favorites' (default) to iPod. " - taken from 9to5mac.com

why didn't macrumors post this?
Funny thing is I did this weeks ago not knowing about the flaw ;)
 

towlieban

macrumors newbie
Sep 24, 2007
12
0
passcode lock

I've got news for you guys. Last week, I set a passcode and forgot it. Since my phone is jailbroken (I'm on 2.0.1) and has ssh installed, I did some research and found 2 things that need to be changed to completely disable the passcode and it's surprisingly easy. If anyone wants these instructions then let me know
 

jtshaw

macrumors newbie
Jan 14, 2008
11
1
I don't think the security concern is having random people use your phone. I think its for the very realistic scenario where your phone might be lost or stolen. Your company (for people on exchange) would most probably want to do a remote wipe immediately, but if someone has the phone and open access they can get to your information before it's cleared out.

For a company hoping to get its phone into the corporate world this is a HUGE oversight.

For what its worth... if you connect to exchange with your iPhone and you lose it you should probably go ahead and change your exchange password asap...

Of course, then you might have to deal with the annoyance of some guy locking your corp. account because he keeps trying to mess with your work e-mail but fails password auth, but it is better then having sensitive data leaked.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.