Friday, August 29, 2008

Security flaw exposes password-protected iPhones

A serious security hole in the latest iPhone software exposes email, text and voice messages to whoever gets their hands on the device, despite it being password-protected.

Clicking emergency call and double-clicking the 'home' button brings up the favourites on iPhone 2.0.2, which opens up the address book, the dial keypad and voicemail, according to a report on Gizmodo, which got the tip on the hole from the MacRumors Forum.

Then, clicking on the blue arrows next to the names gives access to private information in a favourite entry, clicking in a mail address opens up the mail application, clicking on a URL in the contact information opens up Safari, and clicking on 'send a text message[ in a contact gives full access to the text messages.

The report suggests using the 'home' setting so that double-clicking on the home button will take whoever is holding the phone to the unlock screen page.

Engadget reports that a fix for the hole will be included in the next firmware update, but it's not known when that update will come.

Representatives from Apple did not respond to emails seeking comment.


source: Elinor Mills CNET News.com

No comments: