SECURITY HOLE in iPhone passcode lock

Discussion in 'iPhone' started by superlatives, Aug 1, 2007.

  1. superlatives macrumors member

    Joined:
    Aug 1, 2007
    #1
    Hi:

    FYI this is my first post here.

    Given that there's no "loss coverage" for the iPhone, I decided to put a passcode on my handset; I figured that at least it would make it a bit harder if some crook swiped my iPhone.

    This AM I discovered the new iPhone patch and applied it to my phone. However, in the process of upgrading, I found a possible "hole" in the passcode lock. The way it's designed, iTunes SHOULD not allow a "foreign" iPhone to connect if that handset has a passcode.

    But I found a way for a crook to bypass the iTunes lockout ... and as a result, be able to access the victim's iPhone -- as well as the handset's activated SIM card and wireless service.

    How? There are two ways:

    1. The simplest is to enter iPhone Recovery mode (hard boot with the yellow arrow); or

    2. Install Jailbreak on the handset.

    After that, when you connect the iPhone to a CLEAN copy of iTunes, you can then connect.

    Once connected, all the thief has to do is perform a full system restore.

    When the restore is complete, iTunes will prompt for a new activation. HOWEVER ... since the SIM card is already activated, all you have to do is leave the iPhone connected for less than a minute. Eventually, AT&T's towers will see the already-activated SIM and "re"-activate service.

    FYI I tried this on three PCs that had NEVER had iTunes installed. PC 1 saw the passcode lock and refused to connect. PC 2 connected to an iPhone in the middle of Recovery mode. PC 3 connected to a passcode-locked iPhone with Jailbreak installed.

    I don't know if a hole like this CAN be fixed, short of the passcode being written to a chip.

    Bottom line: the passcode isn't invulnerable.

    I welcome any thoughts ... or better yet, any suggestions on how to secure my iPhone better (short of keeping it in a safe!).

    For now, I've UNlocked my own iPhone; I'm sure the crook that MAY steal my handset will have read this post ... so why go through all the added keystrokes?!? :)
     
  2. Canuck4 macrumors 6502a

    Joined:
    Jul 31, 2007
    #2
    Do you really think a crook/thief that might steal a cell phone would know how to do all that? :D
    Either way if you lose it or get it stolen you're screwed.
     
  3. Andrmgic macrumors 6502a

    Joined:
    Jun 27, 2007
    #3
    If someone gains physical access to a computer, there is nothing you can do to stop them from getting into it if they want to.

    The same applies to your iPhone, or any PDA or smartphone.

    If someone steals your phone, I would think them bypassing your lock code on the phone would be the least of your worries.
     
  4. Canuck4 macrumors 6502a

    Joined:
    Jul 31, 2007
    #4
    Well said.
    I wish it had a self destruct feature in it in case it gets stolen you can shut it down by deactivating it :D
     
  5. chadsteruw macrumors member

    Joined:
    Jul 14, 2007
    Location:
    Seattle, WA
    #5
    In the meantime that the crook is trying to do all that, you could be calling AT&T and have them stop your service and they won't be able to use your phone.

    :)
     
  6. DoFoT9 macrumors P6

    Joined:
    Jun 11, 2007
    Location:
    Singapore
    #6
    They would now, wouldn't they!!!!! Can we hide this thread so only us few can know about it :p.

    I'd die if I lost such a loved possession
     
  7. Joshua8o8 macrumors 6502

    Joined:
    Jul 2, 2007
    Location:
    Honolulu, Hawai'i
    #7
    That sounds like a good idea, a self destruct feature that makes the phone blow up. Then have it timed so that it will go off when a thief is about twenty seconds into a phone call. Haha that would be funny.
     
  8. Canuck4 macrumors 6502a

    Joined:
    Jul 31, 2007
    #8
    Yep, maybe it can play a small sound file from Mission Impossible before it self-destructs :D
    Now that would be awesome :D
     
  9. DoFoT9 macrumors P6

    Joined:
    Jun 11, 2007
    Location:
    Singapore
    #9
    Haha that's an awesome idea!! I'd steal an iPhone (and probably go to jail) just to listen to the theme tune haha.
     
  10. opticalserenity macrumors 6502a

    Joined:
    Apr 14, 2007
    #10
    You guys do know that Blackberrys do have a wipe feature, right? If you lose your Blackberry, all you have to do is call the Blackberry Enterprise Server Administrator and they can do a "wipe" and it basically does a restore on the device out in the field, and they can totally turn it off.

    Your data that way is safe, and the phone is basically useless to the thief.
     
  11. superlatives thread starter macrumors member

    Joined:
    Aug 1, 2007
    #11
    I agree that either way, I'm screwed!

    When I first put the passcode on, my initial thought was "Well, if my iPhone gets heisted, at least the crook will have stolen a 'brick'."

    As far as "deterrence", I was thinking not about the pro thief but about the office coworker. If he or she saw the phone on my desk, picked it up, and saw the passcode, the coworker would think twice.
     
  12. superlatives thread starter macrumors member

    Joined:
    Aug 1, 2007
    #12
    Well, although I haven't owned TOO many handsets so far, I have to say that the iPhone is the first one where the lock CAN EASILY be bypassed. Two previous handsets wrote the passcode to an EEPROM which couldn't be accessed, even by a manufacturer's phone software toolkit. For those handsets, the manuals had repeated warnings of "Lose the lock code and there's nothing we can do to bring it back."
     
  13. superlatives thread starter macrumors member

    Joined:
    Aug 1, 2007
    #13
    Chad:

    You're right. And of course I would.

    HOWEVER .. in that regard, I did find out something when I tested this hole.

    During one "restore" of a locked iPhone, I was not "patient", and disconnected my handset from iTunes during the activation screen. (had I let the iPhone sit a minute, the SIM would've been RE-activated by iTunes).

    What happened? I THINK the same thing as if AT&T disconnected service to the SIM: there was "No Service" displayed. However, all other functions (iPod, Wifi, videos, even Safari) worked. I guess it's the same as the activation bypass hack.

    My point: the crook couldn't "call" ... but he could still use the other iPhone features.
     
  14. toomer macrumors newbie

    Joined:
    Jul 20, 2007
    #14
    That's where your understanding might have been a bit off. I don't think the passcode feature was ever intended as a 100% antitheft system (will have to go back to the manual to see what language they use to describe it). It was simply meant as a way to protect any private data you may have on the phone (confidential company emails, etc.) from falling into the wrong hands.

    Yes, someone can take the phone, and do all the things you say - but it will be wiped clean as a part of the process, so your data doesn't fall into the wrong hands.

    So perhaps the title on this thread is a bit wrong/alarmist.
     
  15. yoman macrumors 6502a

    Joined:
    Nov 11, 2003
    Location:
    In the Bowels of the Cosmos
    #15
    Wirelessly posted (Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile/1C25 Safari/419.3)

    Yeah the only problem would be if some type of bug would arise affecting that feature. Imagine all of a sudden you feel a burning sensation in your left pant pocket and start to smell and see black smoke.
     
  16. kdarling macrumors demi-god

    Joined:
    Jun 9, 2007
    Location:
    Cabin by a lake
    #16
    The latest Exchange can do remote wipe to Windows Mobile 5+ devices under its care.

    I recently saw a cool app to download to other phones... you set up a special code that the phone stores away.

    If you lose your phone, then you just Text message the code to it, and it locks itself. You can manually reenter the code to unlock. I like the text messaging remote control idea ... pretty slick.
     
  17. Canuck4 macrumors 6502a

    Joined:
    Jul 31, 2007
    #17
    That would be cool.
    You know where to get that prog and if it would work with an iPhone?

     
  18. kdarling macrumors demi-god

    Joined:
    Jun 9, 2007
    Location:
    Cabin by a lake
    #18
    No third party apps yet for iPhone. For other phones, it turns out there are a lot of choices:

    mSafe

    Butler

    Warden

    And those are just for Palms. Didn't search yet for Windows Mobile, but try "remote lock mobile".
     
  19. Canuck4 macrumors 6502a

    Joined:
    Jul 31, 2007
    #19
    Very nice, that would be really useful if it can work with our phones down the road.
     
  20. Peace macrumors P6

    Joined:
    Apr 1, 2005
    Location:
    Space--The ONLY Frontier
    #20
    When the iPhone does a "recover" it gets info from the computer that has the back-up for that specific iPhone.

    As far as jailbreak. Same thing almost.

    This is not a security hole.
    :rolleyes:
     
  21. jroo80 macrumors newbie

    Joined:
    Jul 6, 2007
    #21
    As far as making calls goes, isn't that what the SIM PIN is for? You lock your SIM card so it requires a passcode to use it.
     
  22. gceo macrumors 6502a

    Joined:
    Jul 13, 2007
    Location:
    San Diego, CA
    #22
    note to self: Keep in pocket.... (just like the now neglected iPod)
     
  23. MarkMS macrumors 6502a

    Joined:
    Aug 30, 2006
    #23
    Aren't there things like this for PCs and Macs as well?
     
  24. SheepNutz macrumors 6502a

    Joined:
    Jul 1, 2007
    Location:
    Kantuckee
    #24
    Well, after reading this thread, they do now!
     
  25. Canuck4 macrumors 6502a

    Joined:
    Jul 31, 2007
    #25
    Yep, he messed up big time :D

     
