GreenMyMac discovered and published a security vulnerability for iPhone 2.0.x at MacRumours last night. The security flaw affects iPhone users who use the password protect feature when locking their keypad, but using this very simple trick gives anyone full access to your cell phone’s private information in Mail, SMS, Contacts, and even Safari.
To recreate this exploit yourself, password protect your phone and lock it. Next slide to unlock and do the following:
- Tap emergency call.
- Double tap the home button.
You should now be in your favorites. Seems like a convenient feature feature at first, but the security problem here is scary. Anyone who picks up your iPhone can make a call to anyone in your favorites and can access their address and for some service providers this will let a stranger access your voice mail.
Let’s go a little further down the rabbit hole now:
- If you click in a mail address, it will give you full access to the Mail application. All your mail will be exposed.
- If there’s a URL in your contact (or in a mail message) you can click on it and have full access to Safari.
- If you click on send text message in a contact, it will give you full access to all your SMS.
Until Apple addresses this security threat, there is an easy work around to secure your personal information.
- In ‘Settings’, select ‘General’.
- Select ‘Home Button’.
- Select either ‘Home’ or ‘iPod