9to5 Mac released a tidbit of news today that got Twitterers Twittering. What was the Twitter all about? Apparently a security flaw in IOS 4.1, and possibly earlier versions as well. There was so much buzz that even Wired picked-up the story, which is how we heard about it. There seems to be some debate if it is really a security flaw or a design choice for EMT crews, but the cat is out of the bag so if the choice was a conscious one, you can bet it will be fixed. Reports are that 4.2 Beta 3 doesn't share the "bug." Reports are that iPhone 4.1 on a 3Gs has the "bug" as well. What's the bug? It seems that if you enter a specific combination of keystrokes on any locked iPhone using at least iOS 4.1 you can gain access to the phone's address book, call log and voice mail; basically the iPhone Phone App. You can't though access any of the applications or e-mail. To get back to the lock screen holding down the home screen until the Voice Dail App comes up seems to reset the phone back to the lock screen. Essentially, you could see the call log or get a phone number off someone's iPhone and as long as they didn't see you they would be known the wiser. [ad#468x60 Banner] I can see how this could be useful to EMT workers, but the phone not letting the owner of the phone know that the address book had been breached is definitely an issue.
I've verified that this does work and it's very easy to do. Just following these instructions:
- Lock your iPhone
- Tap Emergency Call
- Press # Three Times (# # #)
- Immediately Press the Lock Button (Button on Top of your iPhone)
- You now have limited access to the iPhone, but full access to the Phone App!
It's a little scary, but if reports are true when iPhone 4.2 comes out in November (official release date not yet announced) it looks as though this security loop hole will disappear.