SECURITY HOLE in iPhone passcode lock

superlatives, macrumors member, Original poster, Aug 1, 2007
Hi:

FYI this is my first post here.

Given that there's no "loss coverage" for the iPhone, I decided to put a passcode on my handset; I figured that at least it would make it a bit harder if some crook swiped my iPhone.

This AM I discovered the new iPhone patch and applied it to my phone. However, in the process of upgrading, I found a possible "hole" in the passcode lock. The way it's designed, iTunes SHOULD not allow a "foreign" iPhone to connect if that handset has a passcode.

But I found a way for a crook to bypass the iTunes lockout ... and as a result, be able to access the victim's iPhone -- as well as the handset's activated SIM card and wireless service.

How? There are two ways:

1. The simplest is to enter iPhone Recovery mode (hard boot with the yellow arrow); or

2. Install Jailbreak on the handset.

After that, when you connect the iPhone to a CLEAN copy of iTunes, you can then connect.

Once connected, all the thief has to do is perform a full system restore.

When the restore is complete, iTunes will prompt for a new activation. HOWEVER ... since the SIM card is already activated, all you have to do is leave the iPhone connected for less than a minute. Eventually, AT&T's towers will see the already-activated SIM and "re"-activate service.

FYI I tried this on three PCs that had NEVER had iTunes installed. PC 1 saw the passcode lock and refused to connect. PC 2 connected to an iPhone in the middle of Recovery mode. PC 3 connected to a passcode-locked iPhone with Jailbreak installed.

I don't know if a hole like this CAN be fixed, short of the passcode being written to a chip.

Bottom line: the passcode isn't invulnerable.

I welcome any thoughts ... or better yet, any suggestions on how to secure my iPhone better (short of keeping it in a safe!).

For now, I've UNlocked my own iPhone; I'm sure the crook that MAY steal my handset will have read this post ... so why go through all the added keystrokes?!? :)
 

Canuck4, macrumors 6502a, Jul 31, 2007
Do you really think a crook/thief that might steal a cell phone would know how to do all that? :D
Either way, if you lose it or get it stolen, you're screwed.
 

Andrmgic, macrumors 6502a, Jun 27, 2007
If someone gains physical access to a computer, there is nothing you can do to stop them from getting into it if they want to.

The same applies to your iPhone, or any PDA or smartphone.

If someone steals your phone, I would think them bypassing your lock code on the phone would be the least of your worries.
 

Canuck4, macrumors 6502a, Jul 31, 2007
Well said.
I wish it had a self-destruct feature in it, in case it gets stolen, so you can shut it down by deactivating it :D
 

chadsteruw, macrumors member, Jul 14, 2007, Seattle, WA
superlatives said:
(the original post, quoted in full)
In the meantime, while the crook is trying to do all that, you could be calling AT&T and having them stop your service, and they won't be able to use your phone.

:)
 

DoFoT9, macrumors P6, Jun 11, 2007, Singapore
Canuck4 said:
Do you really think a crook/thief that might steal a cell phone would know how to do all that? :D
Either way, if you lose it or get it stolen, you're screwed.
They would now, wouldn't they!!!!! Can we hide this thread so only us few can know about it :p.

I'd die if I lost such a loved possession.
 

Joshua8o8, macrumors 6502, Jul 2, 2007, Honolulu, Hawai'i
Canuck4 said:
Well said.
I wish it had a self-destruct feature in it, in case it gets stolen, so you can shut it down by deactivating it :D
That sounds like a good idea, a self-destruct feature that makes the phone blow up. Then have it timed so that it will go off when a thief is about twenty seconds into a phone call. Haha, that would be funny.
 

Canuck4, macrumors 6502a, Jul 31, 2007
Yep, maybe it can play a small sound file from Mission Impossible before it self-destructs :D
Now that would be awesome :D
 

DoFoT9, macrumors P6, Jun 11, 2007, Singapore
Haha, that's an awesome idea!! I'd steal an iPhone (and probably go to jail) just to listen to the theme tune, haha.
 

opticalserenity, macrumors 6502a, Apr 14, 2007
You guys do know that BlackBerrys do have a wipe feature, right? If you lose your BlackBerry, all you have to do is call the BlackBerry Enterprise Server administrator and they can do a "wipe"; it basically does a restore on the device out in the field, and they can totally turn it off.

Your data that way is safe, and the phone is basically useless to the thief.
 

superlatives, macrumors member, Original poster, Aug 1, 2007
Canuck4 said:
Do you really think a crook/thief that might steal a cell phone would know how to do all that? :D
Either way, if you lose it or get it stolen, you're screwed.
I agree that either way, I'm screwed!

When I first put the passcode on, my initial thought was "Well, if my iPhone gets heisted, at least the crook will have stolen a 'brick'."

As far as "deterrence", I was thinking not about the pro thief but about the office coworker. If he or she saw the phone on my desk, picked it up, and saw the passcode, the coworker would think twice.
 

superlatives, macrumors member, Original poster, Aug 1, 2007
Andrmgic said:
If someone gains physical access to a computer, there is nothing you can do to stop them from getting into it if they want to.

The same applies to your iPhone, or any PDA or smartphone.

If someone steals your phone, I would think them bypassing your lock code on the phone would be the least of your worries.
Well, although I haven't owned TOO many handsets so far, I have to say that the iPhone is the first one where the lock CAN EASILY be bypassed. Two previous handsets wrote the passcode to an EEPROM which couldn't be accessed, even by a manufacturer's phone software toolkit. For those handsets, the manuals had repeated warnings of "Lose the lock code and there's nothing we can do to bring it back."
 

superlatives, macrumors member, Original poster, Aug 1, 2007
chadsteruw said:
In the meantime, while the crook is trying to do all that, you could be calling AT&T and having them stop your service, and they won't be able to use your phone.

:)
Chad:

You're right. And of course I would.

HOWEVER ... in that regard, I did find out something when I tested this hole.

During one "restore" of a locked iPhone, I was not "patient", and disconnected my handset from iTunes during the activation screen. (Had I let the iPhone sit a minute, the SIM would've been RE-activated by iTunes.)

What happened? I THINK the same thing as if AT&T disconnected service to the SIM: there was "No Service" displayed. However, all other functions (iPod, Wi-Fi, videos, even Safari) worked. I guess it's the same as the activation bypass hack.

My point: the crook couldn't "call" ... but he could still use the other iPhone features.
 

toomer, macrumors newbie, Jul 20, 2007
superlatives said:
When I first put the passcode on, my initial thought was "Well, if my iPhone gets heisted, at least the crook will have stolen a 'brick'."
That's where your understanding might have been a bit off. I don't think the passcode feature was ever intended as a 100% antitheft system (will have to go back to the manual to see what language they use to describe it). It was simply meant as a way to protect any private data you may have on the phone (confidential company emails, etc.) from falling into the wrong hands.

Yes, someone can take the phone, and do all the things you say - but it will be wiped clean as a part of the process, so your data doesn't fall into the wrong hands.

So perhaps the title on this thread is a bit wrong/alarmist.
 

yoman, macrumors 6502a, Nov 11, 2003, In the Bowels of the Cosmos

Canuck4 said:
Well said.
I wish it had a self-destruct feature in it, in case it gets stolen, so you can shut it down by deactivating it :D
Yeah, the only problem would be if some type of bug would arise affecting that feature. Imagine all of a sudden you feel a burning sensation in your left pant pocket and start to smell and see black smoke.
 

kdarling, macrumors P6
opticalserenity said:
You guys do know that BlackBerrys do have a wipe feature, right? If you lose your BlackBerry, all you have to do is call the BlackBerry Enterprise Server administrator and they can do a "wipe"; it basically does a restore on the device out in the field, and they can totally turn it off.
The latest Exchange can do remote wipe to Windows Mobile 5+ devices under its care.

I recently saw a cool app to download to other phones... you set up a special code that the phone stores away.

If you lose your phone, then you just text message the code to it, and it locks itself. You can manually re-enter the code to unlock. I like the text messaging remote control idea ... pretty slick.
 

Canuck4, macrumors 6502a, Jul 31, 2007
kdarling said:
I recently saw a cool app to download to other phones... you set up a special code that the phone stores away.

If you lose your phone, then you just text message the code to it, and it locks itself. You can manually re-enter the code to unlock. I like the text messaging remote control idea ... pretty slick.
That would be cool.
You know where to get that prog and if it would work with an iPhone?
 

Canuck4, macrumors 6502a, Jul 31, 2007
Very nice, that would be really useful if it can work with our phones down the road.
 

Peace, macrumors Core, Apr 1, 2005, Space--The ONLY Frontier
When the iPhone does a "recover", it gets info from the computer that has the back-up for that specific iPhone.

As far as jailbreak: same thing, almost.

This is not a security hole.
:rolleyes:
 

jroo80, macrumors newbie, Jul 6, 2007
As far as making calls goes, isn't that what the SIM PIN is for? You lock your SIM card so it requires a passcode to use it.
 

MarkMS, macrumors 6502a, Aug 30, 2006
opticalserenity said:
You guys do know that BlackBerrys do have a wipe feature, right? If you lose your BlackBerry, all you have to do is call the BlackBerry Enterprise Server administrator and they can do a "wipe"; it basically does a restore on the device out in the field, and they can totally turn it off.

Your data that way is safe, and the phone is basically useless to the thief.
Aren't there things like this for PCs and Macs as well?