A security hole has been discovered in iPhones running iOS 4.1, which allows anyone to bypass the iPhone lock screen to make unauthorised phone calls.
According to a MacForums member, the flaw can be exploited by simply tapping the emergency call button, then dialling any non-emergency number instead, such as ### and immediately tapping the lock screen, which will give the user access to the phone’s contacts app. We have tested it ourselves on an iPhone 4 and confirm that it does work.
The potential security ramifications from the bug is doubtless huge, not least for the fact that anyone can gain access to your contacts list and photos without your knowledge. On the bright side, reports have already emerged that this method doesn’t work with the iOS 4.2 beta, so presumably Apple already knows about it and is working on fixing it.
iOS 4.2 is expected to hit supported devices next month. So until then, best keep an eye on who’s using your phone.
Was this article helpful?