• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • Lockscreen Bug May Lead to iOS 4.1.1
    [ame]http://vimeo.com/16179929[/ame]


    A recently discovered lockscreen glitch may force Apple to push out a firmware upgrade ahead of the arrival of iOS 4.2 next month. [UPDATE: Apparently not, an Apple spokeswoman told Wired.com that “We’re aware of this issue and we will deliver a fix to customers as part of the iOS 4.2 software update in November.”] The bug - which allows anyone to do things like make calls, send SMS messages and access the photo library on a locked phone - appears to affect phones running 4.0.1 and 4.1, jailbroken and non-jailbroken.

    This appears to be a nuisance issue only; your friend can use it to annoy you, and if your phone is stolen you have bigger problems than people making calls to your contacts. The way it works is completely straightforward: you press "Emergency Call" from the lockscreen and then enter a nonsense sequence of digits/symbols like ###. Once the phone starts dialing, you immediately press the lock button and you're dropped into the Phone app, with access to call history and contacts. Additionally, if you go to an entry in your address book choose to share a contact via MMS, by tapping the camera icon you can go into the photo library.

    The flaw recalls a similar bug back in iPhone OS 2.0.2 which allowed you to jump from the Emergency Call screen directly to the Favorites screen of the Phone app by double-tapping the Home button. Email addresses in Favorite contacts then gave access to the Mail app, exposing all your messages.

    As usual, the only way around this built-in security hole is to jailbreak your phone. My Typophone 4 lockscreen doesn't have an Emergency Call button, nor do other lockscreen replacements like Android Lock.

    Source: [ame=http://forums.macrumors.com/showthread.php?t=1035879]MacRumors[/ame]
    This article was originally published in forum thread: Lockscreen Bug May Lead to iOS 4.1.1 started by Paul Daniel Ash View original post
    Comments 30 Comments
    1. tudtran's Avatar
      tudtran -
      That is crazy
    1. 5h4d0w's Avatar
      5h4d0w -
      I had something weird happen to me yesterday at the lock screen... I would unlock the iPod, and the screen would smudge out and random symbols would flood the screen until I clicked on an app... Happened three times. Not really related to the story, though, except that it's a new Lockscreen bug (but this one may be caused by the Jailbreak).
    1. Funked's Avatar
      Funked -
      It's a security hole, I don't think it should of been 'released' by the person who found it. Now every major iPhone blog, website, forum etc has wrote about this. And at that, it's described (in detail) on how to preform the bug. This just makes it easier for anyone who has found/stole an iPhone to abuse it. Just my thoughts on it...
    1. hotrod54chevy's Avatar
      hotrod54chevy -
      Um, I thought they said this problem didn't appear in 4.2 beta so Apple's already fixed it...?
    1. Happy Noodle Boy's Avatar
      Happy Noodle Boy -
      It's already fixed in 4.2
    1. Ichwohneinloche's Avatar
      Ichwohneinloche -
      gimme one minute and will test it with 4.2 3rd beta



      yep doesnt work. They wont release an update with the 4.2 release right around the corner is my bet.
    1. wolverinemarky's Avatar
      wolverinemarky -
      yep i have this bug too, yea i wouldnt expect a minor update ahead of 4.2
    1. mvhurlburt's Avatar
      mvhurlburt -
      My guess is that this was an intentional hidden “feature”… Maybe “easteregg” is a better word for it! I highly doubt this was a security flaw considering the sequence of events required to make it happen. Whatever engineer decided to leave this little goody will more than likely be on jobs’ **** list though. As a side note it’s kinda odd that I could only make it happen 3 or 4 times but after that no dice! Kinda weird...

      Hmm the odd thing is when I tried this last night it only worked a few times as indicated above. Since then the passcode lock has been disabled. I just re-enabled it and yes it does do it again. Strangely it also allows access to safari through multifl0w but does not allow the end user to perform any functions in safari.
    1. PhoneLine's Avatar
      PhoneLine -
      Its fixed in 4.2 beta so Apple probably already knew about it. Now that its public its more of an issue and maybe they will release a 4.1.1 for this and the alarm clock issue.

      They may just still wait for 4.2 as this is less severe a bug, and thats due soon anyway. The pdf exploit was a big deal as any site could exploit it. Simply fix here is hold onto your phone, is someone does not has access to the actual phone, this is no issue. So, in that aspect its less severe of an issue where I think they will be pressured to release a fast fix.
    1. chibgr's Avatar
      chibgr -
      hopping 4.2 will be out soon so can unlock =D stuck on 4.1 zzzzzz
    1. dsg's Avatar
      dsg -
      is this iPhone 4 only because I can't recreate it on my 3Gs
    1. LamboFan's Avatar
      LamboFan -
      Hmmmn interesting...it sucks!
    1. jabij1's Avatar
      jabij1 -
      4.2 come out already! When in november will it most likely be available? I know there's no definite answer, just looking for some thoughts..
    1. GENERATI0N's Avatar
      GENERATI0N -
      you can also access voice control which lets you in IPod
    1. qucina's Avatar
      qucina -
      Quote Originally Posted by dsg View Post
      is this iPhone 4 only because I can't recreate it on my 3Gs
      works in iphone 3gs i just did it.
    1. Shanteeman's Avatar
      Shanteeman -
      Got it to work once, but as I was trying to navigate around, it pushed me out and back to the lock screen...iPhone 4 4.01...weird
    1. Zeal's Avatar
      Zeal -
      Big deal.. ooo you can see my contacts and my numbers.. ooo... so scary.............................

      smh
    1. madczech's Avatar
      madczech -
      This reminds me of the good old jailbreakme.com times and I don't mean the on from 4.0
    1. CynicalDriver's Avatar
      CynicalDriver -
      Tested this out and got some interesting results:

      I have i4 & iOS4.1
      I could get to the phone app, but could not get it to switch to texting, thus no access to photos. There is a different way to access the photos though, which I will not detail in the interest of not helping abusers. They can probably figure it out tho.

      The writer's suggested fix (TypoPhone) also did NOT stop this exploit. I will disable all my other theme elements and try it again. Update in a few min.

      Update: Nope, does not get rid of emergency call button.
    1. l0k0's Avatar
      l0k0 -
      This is why u install AndroidLock XT on your phone. When ur phone locks, u have to put in your certain pattern to unlock the phone. You dont even get the "emergency call" feature without unlocking the AndroidLock. (as long as you have MAX ATTEMPTS disabled, you will not get the Emergency Call screen)

      So why not just use it and save urself some hassel.