Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Major Security Flaw in 2.0.2
- Thread starter greenmymac
- Start date
- Sort by reaction score
I would like it if this worked, but only to make a call to the people on your favorites list. That way you wouldn't have to type in your pass code to make a quick call. It would even be nice for a person who found your phone to be able to call your friends to get the phone back to you (I've done that before). Allowing access to the whole contact list/email/etc. defeats the purpose of the passcode.
It can't be changed, and anybody with an ADC can verify that. He stole it, Adam's not even pissed about it, I am because stuff like this drives me insane!
No edits can be made to the box. Anyone with an ADC account CAN verify that. If I had the time to install Screenflow or something to prove it, I would. But this isn't something that can really be contested, its just the way the ADC Bug Reporter works.
But honestly, I don't care about this as much as GradientMac seems to, so unless I can figure out some way to get "proof" from TUAW or MacRumors, I dont know that I have anything more to say.
I like that idea but....
1. slide to unlock
2. password
3. tap phone
4. tap favorite
or
1. slide to unlock
2. emergancy call
3. double tap home
4. tap favorite
same steps but seems like more!
Sometimes the data on the phone means more than the phone itself. What if Phil Schiller's (sp) iPhone got lost, and whoever found it had access to Steve Jobs' personal number in his Favorites? That sort of thing is what the passcode lock exists to protect. If you care more about getting your phone back than you do giving someone access to your contacts list, you could always not set a passcode and have a "if found, call this contact" thing set up.
Ok your right! HEY APPLE FORGET ABOUT THIS BUG!!!!
Im testing some more things with this do you all remember firmware 1.1.1 when AppTapp was released and during the jailbreak process you had to add a contact and then you put something somewhere within that contact to launch system prefs well i cant find that! and i wonder if you got into the favorites of someone else's phone and edited the contact and you could tech. make any app open
You could even go on Safari and plagiarize someone else's work right off your phone!
OH NOES!
That scroll bar is pretty long, what else did you post?
since you asked, this is the rest of the bug report submission (which was also sent to MR and TUAW):
http://img.skitch.com/20080828-j1es5ankfin2wb57131458ktdq.png
following the standard Apple guidelines here: http://developer.apple.com/bugreporter/bugbestpractices.html
You could even go on Safari and plagiarize someone else's work right off your phone!
OH NOES!
LOL it would be funny if it were true!
I think most people wouldn't mind revealing the phone numbers of their favorites list for a chance to get the phone back. There are a few people with really "top secret" phone numbers on their favorites list, but most of us just have everyday numbers. I wouldn't want to risk allowing access to the whole phone (as the bug currently does). I also doubt that an honest person who found my phone would know about this feature - so they probably wouldn't be able to access my favorites list to call me anyway. I have stopped using the passcode because it slows me down too much when I want to make a quick call, I would gladly unprotect the favorites list if it only allowed use of the phone numbers. Even better it could allow you to call the numbers without actually displaying what number is being dialed. Then there is no risk of leaking Steve Job's home phone number.
That would be nice to have steve's iPhone cause he probably has iPhone 4G running 3.0.2!
If they were going to include a feature to purposely allow easy access to the favorites screen they could add the emergency number to the favorites screen and display that as soon as you hit the emergency call button.
Even the way it is I can hit "emergency call" much faster than I can accurately type in the passcode.
Baloney. I have a corporate profile on my phone, forces a passcode, and this hole works just fine on my phone IF I have my double-tap (Home Button) set to either Favorites. Fortunately I don't set it to Favorites, so if it goes to either Home or iPod then there's no hole, if you do, you have it.
I was the one who ORIGINALLY found this bug 2 weeks ago and I told my cat about it. How the heck did you steal my words??? I am so offended now. I can't believe someone else is taking credit for my work...
work for what? "I found it first!" ... "No, I found it first!" WHO CARES!
The only thing that sucks about ALL OF THIS is that ANYONE reading these websites now KNOWS how to do this. So instead of maybe 1 or 2 people knowing about this flaw, thousands of people do... now it's even LESS SECURE than before? I would have never thought to tap Emergency Call, Double Tap, Click Contact Info, Click a Website... geeze, that would take quite a bit of digging to learn that one (especially for the average person who picks up your iPhone if you've left it lying around). Note: I am sorry if I used some of the same words as you... I wasn't trying to copy.
What you SHOULD have done is put in the freakin' bug report to Apple and been professional about it so that Apple could fix it before it became known to everyone.
work for what? "I found it first!" ... "No, I found it first!" WHO CARES!
The only thing that sucks about ALL OF THIS is that ANYONE reading these websites now KNOWS how to do this. So instead of maybe 1 or 2 people knowing about this flaw, thousands of people do... now it's even LESS SECURE than before? I would have never thought to tap Emergency Call, Double Tap, Click Contact Info, Click a Website... geeze, that would take quite a bit of digging to learn that one (especially for the average person who picks up your iPhone if you've left it lying around). Note: I am sorry if I used some of the same words as you... I wasn't trying to copy.
What you SHOULD have done is put in the freakin' bug report to Apple and been professional about it so that Apple could fix it before it became known to everyone.
Except that's exactly what Adam did, greenmymac posted it after Adam found it with identical lettering, Adam only submitted it to Apple, TUAW and MacRumors, greenmymac somehow got to it and posted it with changing like 2 words.
According to you, while you have no proof of how he got it or where he could have taken it from.
Thank you..... He needs to get over that cause its not true and there is not proof
Whats the difference when a company finds a huge exploit in OS X or Windows and they post about it on a site such as Macworld etc. and Thousands of people read that?
No problem, it just ceases to amaze me as to how stubborn some people can be, it is just a coincidence. And if this user actually cared, then they would have made their own thread when they found it.
What I'm saying is... who cares... Why does it matter? Nobody should have made this public. This is just going to make it easier for people to get unauthorized access to locked iPhones.
While making security flaws public knowledge exposes many more users to security risks, it also educates the typical iPhone user of the risks as well as the current "solution" in changing the behavior of the home button. It's a double edged sword...
I'm gunna go out on a limb here, but who has access to MR news submissions?
He IS a Demi-God. Does that give him access? That would be how he copied it.
He IS a Demi-God. Does that give him access? That would be how he copied it.