Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.
09-23-2008, 02:20 AM #1
Did Apple clear out all the security flaws with 2.1? Nope, they didn't...
Remember the major security threat introduced with 2.0.2 which allowed anyone to access all the major phone application even if you had a passcode?
Apple said that they fixed the security. But, actually security not completely fixed. Another major bug still exists (one that has been around forever). The Emergency Call mode in passcode screen which is just meant to call emergency numbers like 911 can actually be used to call any number!
This is a big flaw as anyone can make a call and make you pay a big bill if somehow he/ she gets the phone! This means that iPhone Passcode is a big failure as anyone can access the main feature of iPhone really easily even if you think you have secured it.
You can reproduce the bug as follows:
- Set a passcode lock.
- Lock the phone and slide to unlock.
- Click on the Emergency call button and dial any number of your choice.
Though, apple can fix it by just an update, I think the better way is to add a setting to lock each app with a different code even if you are on the main screen. This feature could also be great in the sense that we can protect all our personal stuff (like messages, videos ).
We think Apple would adopt the first method but Steve, please think about the second one too!
[MacRumors iPhone Blog]
Last edited by sayam; 09-20-2008 at 09:30 AM.
The Following User Says Thank You to sayam For This Useful Post:
09-23-2008, 02:29 AM #2
this was present in older firmwares. Dating back to 1.1.4 I think.
or at least if memory serves correctly. Someone with a 1.1.4 phone check.
Last edited by 461am; 09-23-2008 at 02:29 AM. Reason: Automerged Doublepost
09-23-2008, 03:21 AM #3
I wonder if this can be done without a SIM card... Probably not though.
09-23-2008, 03:29 AM #4
This existed on the very FIRST firmware ever released... its been a bug that never really was addressed
09-23-2008, 03:46 AM #5
lol that fails, hard.[RIGHT][LEFT][IMG]http://lookpic.com/i/470/QsIbAobp.jpeg[/IMG]
[/LEFT][QUOTE]Microsoft owns the internet through Hotmail. The .HTML is short for Hotmail, so all .HTML files are MS files.[/QUOTE][URL="http://twitter.com/dale1v"][SIZE=2][COLOR=Cyan][I]twitter.com/dale1v[/I][/COLOR][/SIZE][/URL]
09-23-2008, 03:53 AM #6
if you read the post clearly, everywhere i say that it has not been cleared out. i have nowhere mentioned that it was introduced with 2.1
09-23-2008, 03:55 AM #7
sorry. You're right, I didn't read it properly.
09-23-2008, 04:00 AM #8
09-23-2008, 04:03 AM #9
i posted it 4 days ago but it got approved today
09-23-2008, 04:09 AM #10
Well, it will complicated to allow just preset emergency numbers to be dialed - as each country as its own, and some have more than one.
I don't know if it is mandatory for any phone to be able to dial an emergency number (all my cell phones allowed it - even if they were password locked)
But if Apple someday "locks" it I just wonder how long it will be until someone tries to sue them because they *had* to make an emergency call from an iPhone and were unable to.
09-23-2008, 04:27 AM #11
and how exactly is this done?
09-23-2008, 05:06 AM #12
Well this flaw was helpful to me :P Had the phone blocked recently during the 2.1 update, but atleast I could call my girlfriend up and tell her that my phone was down, lol.
Anyways, if someone does end up stealing your phone, can't they just do a custom restore and use the phone?? Whats the point of the security lock...
I don't care if they access my personal info, if the phone is stolen...the thief should not be able to use my phone!! LOL.
They should have the security passcode popping up during restore :P
09-23-2008, 06:55 AM #13
i really like this since when i get in trouble , real trouble i dont have time to slide and enter passcode open phone and dial
i just slide emergency call dial and voilaaaaa!!! i hope they dont remoe this bug
09-23-2008, 06:56 AM #14
Yeah this has been around for a while now, I actually find it quite useful sometime you need to call someone in a hurry and entering the pass-code just takes more time doing via the emergency button really helps. Somehow I doubt that apple has done this by accident I think it's there on purpose. Either way for those security conscious maybe that should let you have the option of disabling it but if you iPhone gets stolen call your carrier and block it most insurance ( at least in australia covers you for that stuff) besides how much worth of calls can someone really knock up on your phone in the time it takes you to call your carrier
Just my 2cents
The Following User Says Thank You to king_mohamed02 For This Useful Post:
09-23-2008, 08:15 AM #15
really.... For AT&T you have boat load of minutes anyways so why care.
A missing phone for me is an excuse to finally get the Tmobile G phone that my wife won't let me buy,
09-23-2008, 08:27 AM #16
even tho i lose my iphone people around here wouldnt know how to get pass the passcode. only people that know is the people that come to this site. so no worries for me.
09-23-2008, 09:29 AM #17
not nearly as big a deal as people being able to get your personal info
09-23-2008, 12:00 PM #18
Honestly, I don't think this is a 'bug' at all. There are a LOT of numbers you could be calling in an emergency. Think about it, what makes 911 the only legitimate number to dial for emergency anyways? If you're stranded on the highway and need to call your wife to come pick you up, is that not an emergency? The phone saying 'Emergency Call' just means that it is for calls that need to be made urgently, without spending the time to unlock the phone first.Comprehensive iPhone 2.1 FAQ:
09-23-2008, 12:20 PM #19
Last edited by tattoojack; 09-23-2008 at 12:20 PM. Reason: Automerged Doublepost
09-23-2008, 01:44 PM #20
That feature (among others) is missing from the iPhone.
If it was done on purpose, what's the point of the passcode?