• Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.
  • Huge Security Flaw in firmware 2.0.1 and 2.0.2
    Fortunately, there's a way to avoid this obvious security breach until Apple fixes it.

    First, password protect your phone and lock it. Then slide to unlock and do this:

    1. Tap emergency call.
    2. Double tap the home button.

    Done. You are now in your favorites. This seems like a feature, because you may want to have emergency numbers in your favorites for quick dial. The security problem here is twofold. The first: anyone picking up your phone can make a call to anyone in your favorites. On top of that, this also opens access to your full Address Book, the dial keypad, and your voice mail.

    If that wasn't bad enough, the second one is even worse: if you tap on the blue arrows next to the names, it will give you full access to the private information in a favorite entry. And it goes downhill from there:

    • If you click on a mail address, it will give you full access to the Mail application. All your mail will be exposed.
    • If there's a URL in your contact (or in a mail message) you can click on it and have full access to Safari.
    • If you click on send text message in a contact, it will give you full access to all your SMS.

    Hopefully, this major security breach that fully exposes your most private information will be fixed as soon as possible. Until then, you can avoid any potential breach by doing the following:

    1. In the iPhone home, go to Settings.
    2. Click on General.
    3. Click on Home Button.
    4. Click on either "Home" or "iPod".

    This way, the double-click on the home button will take the user back to the unlock screen (if you use "Home") or the iPod screen. I recommend using Home. You will lose the ability to quickly access your favorites for a quick call—which is one of my favorite features—but that's better than having all your private mails, contacts, and SMS database compromised.

    UPDATE: Evidently Apple has a fix coming in their next firmware update, but we've got no word on when that release is planned.


    Source: Major Security Flaw in 2.0.2 - Mac Forums and every other iPhone news site and our own members RaMod and One1
    This article was originally published in forum thread: Huge Security Flaw in firmware 2.0.1 and 2.0.2 started by .:MirrorminD:.
    62 Comments
    1. Emir S. -
      Quote Originally Posted by Muggz5 View Post
      Yeah I really don't see an issue with this. I don't know I'd consider it a security breach either. I guess it's really no more of a breach than leaving your wallet on the table and walking away. No one in the right mind would really do this, just as I don't leave this phone on my desk or if it's left out it's at home, and surely my wife wouldn't steal mine since she has one

      Although I think it's informative and I did change it from my favorites to just the home screen as suggested. It also reminded me to turn off iPod controls, because nothing is more aggravating than having the iPod run all day in my pocket because I accidentally somehow double tapped the home key. (which I've done a few times and drained my battery)

      Was this an attempt at a "back door" just in case someone forgot their password and they don't have to reload the firmware? (I doubt it but it comes to mind) Or do they have ethical hacks that can get through that?

      Also is this extremely important person with these highly classified contacts addresses etc etc so easily available that someone who wants this info can get close enough to physically steal it? Why not instead of going through that much trouble just hack into their computer where they sync and steal it from their address book iTunes syncs to. You would certainly know about iTunes if you knew about favorites and keys to get to those favorites.


      So again, this is why I say "it's not that big of a deal"
      All enterprise employees (the BB users that Apple would like to convert over) use Exchange or another form of push to device not only for convenience but security as well.

      Security is key in the business world. With the insane amount of espionage and foul play, one can never be too secure.
      Now Apple has incorporated remote deletion of sensitive data on the iPhone because it attempts to play into the business world where BB dominates (for very good reasons).

      Problem is that Apple's lack of experience in that field disallows them to think ahead in terms of security and base features.

      Fact is, iPhone's "Business+Security" gimmick was tacked on as an afterthought as it's more than obvious the device wasn't developed with enterprise in mind.

      Luckily, most people in need of enterprise features are smart enough not to get an iPhone.

      I still use my work BB and my Moto Q for all things work.
      iPhone to me is exactly what it was intended to be; iPod with a built-in phone....and as that, I really like it.

      @ qumahlin
      Cracking BB's security takes effort, a laptop and a cable. It also requires software.
      It also takes time. Enough time for the owner of the device to give his IT tech a call to wipe his/her phone remotely.
      That's MUCH better than doing it from the phone's own lockscreen!

      Everything can be circumvented but it seems that the iPhone is the easiest of them all.
    1. one1 -
      Quote Originally Posted by .:MirrorminD:. View Post

      Source: Major Security Flaw in 2.0.2 - Mac Forums and every other iPhone news site and our own member RaMod
      ummmmm time stamp check please......http://www.modmyi.com/forums/general...rity-flaw.html
    1. dale1v -
      Quote Originally Posted by qumahlin View Post
      Pffft. Your argument would be great if Blackberrys were much different. If someone is trying to steal your phone to get to your corporate data a quick search of the internet will introduce them to many many programs to accomplish the task.

      This pretty much just saves the thief from having to connect the phone to a PC.
      Quote Originally Posted by Emir S. View Post
      Cracking BB's security takes effort, a laptop and a cable. It also requires software.
      It also takes time. Enough time for the owner of the device to give his IT tech a call to wipe his/her phone remotely.
      That's MUCH better than doing it from the phone's own lockscreen!
      Was thinking that same thing
    1. Muggz5 -
      @ Emir:

      That is an extremely valid point and for the sake of not making my post longer I left it out. I guess when they have their weekly/daily marketing meeting it obviously was an idea put out on the table to "compete with BB and corporate needs".
      That's why they (Apple) are always going to play catch-up in this area, when going against BB which was initially and specifically designed for the Corporate World first then wanted to expand their sales by going after the casual non business user. Same for Apple just in reverse.
      Which is why it took them 5 firmware updates before they made Exchange Server possible on the iPhone. The people however who need Mobile MSN and Exchange Server are still buying Palm and BB phones and not iPhone. I guess if they want some real insight on Business Enterprise and Security, hire a couple fellas from Cisco or like companies...

      Bottom line I upgraded to the iPhone from an iPod Nano and a Blackberry Pearl. It's (iPhone) entertainment and now becoming a side job for fun and a little extra cash, along with kick *** features while not on my computer at home or work. I love this mini laptop we call a phone but security isn't quite what you think about when an iPod excuse me iPhone..
    1. idolpunk -
      security breach or not, this is a big deal. That being said, if you're that worried about security you should probably stay away from apple software in general. They don't have the best track record for being secure
    1. dale1v -
      Quote Originally Posted by idolpunk View Post
      security breach or not, this is a big deal. That being said, if you're that worried about security you should probably stay away from apple software in general. They don't have the best track record for being secure
      uhhhhh.....
    1. Muggz5 -
      Quote Originally Posted by idolpunk View Post
      security breach or not, this is a big deal. That being said, if you're that worried about security you should probably stay away from apple software in general. They don't have the best track record for being secure

      umm ok.
    1. Reket -
      I'm pretty sure this was always the case since the first iPhone came out!
    1. iRoach74 -
      damn! now I gotta switch my double tap home from iPod to favorites. I couldn't care less if people see my contacts and such but there is no way I'm letting anybody see all the homosexual music I have!
    1. mtwiford -
      lmao
    1. Muggz5 -
      Quote Originally Posted by iRoach74 View Post
      damn! now I gotta switch my double tap home from iPod to favorites. I couldn't care less if people see my contacts and such but there is no way I'm letting anybody see all the homosexual music I have!

      hahahahaha
    1. Macboy67 -
      Welp I guess I'm going to downgrade to 1.1.4 until this gets patched.
    1. ProfessorChaos -
      I don't passlock my phone...if I lost my phone and some nice person wanted to give it back....how would they contact anyone if the phone is code locked...

      I don't see the point in password locks unless it's a phone for business. i.e. if your company issued it to u for work use as well. Because if you lost the phone...odds are you won't be getting it back, passlock or not.
    1. iBwizzle -
      I feel you on that one man. It's a huge problem? No, you people are too sensitive! Like my man, no homo, said"

      Quote Originally Posted by ProfessorChaos View Post
      I don't passlock my phone...if I lost my phone and some nice person wanted to give it back....how would they contact anyone if the phone is code locked...

      I don't see the point in password locks unless it's a phone for business. i.e. if your company issued it to u for work use as well. Because if you lost the phone...odds are you won't be getting it back, passlock or not.
      "!

      So stop cryin' and keep your eye on your precious little toy. If I happen to come up on an iPhone it's a wrap! I'ma restore and keep that sucker. But if it doesn't have a passcode and I browse through it and somehow I see that it is an honest person, I might just be happy enough to give it back!

      _______________________
      iGet enough exercise just pushin' my luck!
    1. stalli_ker -
      has anybody noticed that once ur in the favorites you can access dock??
    1. adrian1480 -
      Quote Originally Posted by dale1v View Post
      uhhhhh.....
      to a certain degree, he is correct. Much of Apple's so-called security is nothing more than its OS' not being an interesting enough target for hackers to waste their time on. Not because of some unhackable ingenious coding on the part of Apple software engineers.

      And they don't even try to keep their software from getting pirated at all.
    1. DarkoNova -
      Quote Originally Posted by dale1v View Post
      I've seen the same response all over the net, and it annoys me: "it's not a big deal"
      It's a big problem. This phone is supposed to be approaching:
      Enterprise-ready.
      that means: Security please.

      For Average Joe, having the ability to access contacts and mail through unofficial means may not be a big deal to:
      Average Joe

      For an enterprise who send plenty of confidential emails to employees a day, or a businessman with clients contact details on his phone, having the ability to access private data like this is NOT ON.

      Of the millions of iPhone users globally, can we all really say (with confidence) that all of them will be Average Joes and that all of them will be kind, pure and just? Please.

      I think some of us need to step out of "everything-is-happy-and-perfect-in-Apple-Land" and start looking at the circumstances and possible consequences of leaving gaps in software that take place in the Real World.
      I don't know where you got the "everything-is-happy-and-perfect-in-Apple-Land" garbage, but it certainly doesn't apply to me. There's lots of things I don't like about my MacBook and my iPhone, so no (I can make my fonts huge, too).

      And really, if anyone is using the iPhone as their sole business phone, they're retarded. Plain and simple. Everything I've ever read, and everyone I've ever talked to says they have a Blackberry or some other smart phone for work, and then an iPhone for everything else. The majority of business workers know that the iPhone is still basically just a phone for the ignorant masses, it is nowhere near where it needs to be if people plan on using it as their sole business phone.

      So if you use it for work purposes, leave it on a table somewhere and it gets swiped and your information is stolen...that's your own damn fault.

      Quote Originally Posted by adrian1480 View Post
      And they don't even try to keep their software from getting pirated at all.
      Probably because no matter what kind of protection or encryption companies try to put on their software, a good majority (if not ALL) of it eventually gets pirated.

      Matt
    1. dale1v -
      I don't know where you got the "everything-is-happy-and-perfect-in-Apple-Land" garbage, but it certainly doesn't apply to me. There's lots of things I don't like about my MacBook and my iPhone, so no (I can make my fonts huge, too).

      Quote Originally Posted by dale1v View Post
      I think some of us need to step out of "everything-is-happy-and-perfect-in-Apple-Land" and start looking at the circumstances and possible consequences of leaving gaps in software that take place in the Real World.
      DarkoNova, I didn't mention your name, so if it doesn't apply to you, move on.

      And really, if anyone is using the iPhone as their sole business phone, they're retarded. Plain and simple. Everything I've ever read, and everyone I've ever talked to says they have a Blackberry or some other smart phone for work, and then an iPhone for everything else. The majority of business workers know that the iPhone is still basically just a phone for the ignorant masses, it is nowhere near where it needs to be if people plan on using it as their sole business phone.
      I said approaching enterprise ready. Apple are trying to get their phone out into the big business world, and this issue is pretty serious. I still stand by my point. If you think people are retarded or not, you cannot speak for the millions of iPhone users out there, and neither can I, hence why in my penultimate line, I mentioned the word "circumstances".

      So if you use it for work purposes, leave it on a table somewhere and it gets swiped and your information is stolen...that's your own damn fault.
      I can give you a different situation if you want. Mugging, stalker, blackmail...
    1. Nicholas Knight -
      Wow I think how all these points make no sense haha. I like the one that says if you're concerned with what you have in your enterprise server maybe you shouldn't be doing it. Dude I work for the Cal State system and there is a lot of sensitive info being passed around. This may be a bug but it's not that big of a deal. You yourself can fix it and it will be patched out, simple as that. This is a useless thread full of unfacilitated arguments which hold no actual girth. The petty fighting stops now.
    1. dale1v -
      I hate you nick.
      Conspiracy!

      *looks at DarkoNova and nickmc01 with hate*