+ Reply
Page 1 of 2 12 LastLast
Results 1 to 20 of 36

Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.


Thread: iPhone Security Hole Discovered - View iPhone Passwords

is a discussion within the

iPhone News

forums, a part of the

General iPhone

section;
Just submitted to Apple as a bug, rpetrich (developer of the ActionMenu packages in Cydia) discovered an interesting security bug in the iPhone firmware. If a password is inputted in
...
  1. #1
    Owner / Founder - ModMyi
    aka poetic_folly
    Kyle Matthews's Avatar
    Join Date
    May 2007
    Location
    Tampa, Florida, United States
    Posts
    8,473
    Thanks
    568
    Thanked 4,797 Times in 1,222 Posts

    Default iPhone Security Hole Discovered - View iPhone Passwords


    Just submitted to Apple as a bug, rpetrich (developer of the ActionMenu packages in Cydia) discovered an interesting security bug in the iPhone firmware.

    If a password is inputted in a field, shake to undo, and you will be able to see the character you are deleting. Simply repeat this for every character, and you have the password.

    Obviously this isn't an issue that would be useful for those with a criminal bent, as you'd have to be within grabbing distance of someone who input their password, DIDN'T navigate off the page, and then left their iPhone... but a security bug none-the-less. EDIT: rpetrich lets us know, this also works in any apps that save passwords (such as most Twitter apps) - making this bug much more severe.

    EDIT AGAIN: This seems to have been fixed in FW 3.1. Which is NOT a good enough reason to upgrade yet, heh - wait for the jailbreak.

    EDIT 3: The guys over at NeoWin made up a video showing this bug:



    You can submit security bugs to Apple here.

    rpetrich's Twitter
    .


    ↑ ↑ ↓ ↓ ← → ← → B A [select] [start] Kyle Matthews

  2. The Following 2 Users Say Thank You to Kyle Matthews For This Useful Post:

    black_orchid (09-13-2009), Kiserai (09-13-2009)

  3. #2
    The King Melech518's Avatar
    Join Date
    Feb 2009
    Location
    NYC
    Posts
    4,704
    Thanks
    107
    Thanked 1,140 Times in 586 Posts

    What about the ones who have auto-fill turned on? Doesnt that remember passwords hence the bug would work for someone to steal your password if they had your device?
    If I helped you, hit the button or be Banned!

    Download Macbook 3.1 for Winterboard-Now LIVE on Cydia-Macbook Final, Macbook Final Widget,Macbook SBSettings
    Need Hardware Repair Support?: PM ME

  4. The Following 3 Users Say Thank You to Melech518 For This Useful Post:

    Kiserai (09-13-2009), mafo5000 (09-13-2009), nitehawkz (11-17-2009)

  5. #3
    iPhone? More like MyPhone FURBY8704's Avatar
    Join Date
    Sep 2007
    Location
    South Central LA
    Posts
    177
    Thanks
    27
    Thanked 19 Times in 13 Posts

    oh my oh my now thats scary =S

    which FW s this for??...3.1??
    Last edited by FURBY8704; 09-13-2009 at 08:36 PM.


    iPHONE 3G FW 4.0 JB & iPHONE 4 4.0 READY TO BE JB=]

  6. #4
    Green Apple
    Join Date
    Feb 2009
    Location
    SF
    Posts
    30
    Thanks
    2
    Thanked 1 Time in 1 Post
    Hmmm tried it on my phone in Safari but doesn't seem to happen to me. Maybe I'm doing it wrong? On iPhone 3G 3.1

  7. #5
    iPhone? More like MyPhone ifonemaniac's Avatar
    Join Date
    Sep 2008
    Location
    U.S.
    Posts
    165
    Thanks
    31
    Thanked 22 Times in 16 Posts

    its not a defect...its a feature..

  8. #6
    Livin the iPhone Life TheOrioles33's Avatar
    Join Date
    Jul 2007
    Posts
    1,001
    Thanks
    43
    Thanked 66 Times in 52 Posts

    Quote Originally Posted by RandyC View Post
    Hmmm tried it on my phone in Safari but doesn't seem to happen to me. Maybe I'm doing it wrong? On iPhone 3G 3.1
    It's been fixed for for 3.1. You're good.

  9. #7
    iPhone? More like MyPhone sucram6791's Avatar
    Join Date
    Mar 2008
    Posts
    182
    Thanks
    126
    Thanked 10 Times in 9 Posts

    ya this didnt happen to me in the youtube app

  10. #8
    Green Apple
    Join Date
    Aug 2009
    Posts
    64
    Thanks
    5
    Thanked 4 Times in 3 Posts

    all i wanna know is "will i ever be able to jailbreak 3.1 or not??"

  11. #9
    The King Melech518's Avatar
    Join Date
    Feb 2009
    Location
    NYC
    Posts
    4,704
    Thanks
    107
    Thanked 1,140 Times in 586 Posts

    Quote Originally Posted by mrguy View Post
    all i wanna know is "will i ever be able to jailbreak 3.1 or not??"
    Don't hijack this thread. It has absolutely nothing to do with a jailbeak...
    Visit http://blog.iphone-dev.org/ for info on a jailbreak
    If I helped you, hit the button or be Banned!

    Download Macbook 3.1 for Winterboard-Now LIVE on Cydia-Macbook Final, Macbook Final Widget,Macbook SBSettings
    Need Hardware Repair Support?: PM ME

  12. The Following User Says Thank You to Melech518 For This Useful Post:

    iH85CH001 (02-01-2014)

  13. #10
    Green Apple
    Join Date
    Jul 2009
    Location
    On the Internet ツ
    Posts
    41
    Thanks
    1
    Thanked 2 Times in 2 Posts

    if you are trying to do it yourself to see if it works, you have to wait a bit after you type your password or after you start to delete each character or else when u shake to undo, it will undo the whole password or all of the deletes you did to get to the other characters (if that makes sense) ... this bug def works so an easy fix would be not to auto save passwords or keep your phone tight in your hands when inputting a pw

  14. #11
    Retired Moderator StealthBravo's Avatar
    Join Date
    Jan 2008
    Location
    TX  Follow me @StealthBravo
    Posts
    32,478
    Thanks
    44
    Thanked 5,328 Times in 3,113 Posts

    It works and is amazing.

  15. #12
    The King Melech518's Avatar
    Join Date
    Feb 2009
    Location
    NYC
    Posts
    4,704
    Thanks
    107
    Thanked 1,140 Times in 586 Posts

    ^Remind me to keep my phones away from you
    If I helped you, hit the button or be Banned!

    Download Macbook 3.1 for Winterboard-Now LIVE on Cydia-Macbook Final, Macbook Final Widget,Macbook SBSettings
    Need Hardware Repair Support?: PM ME

  16. #13
    Retired Moderator StealthBravo's Avatar
    Join Date
    Jan 2008
    Location
    TX  Follow me @StealthBravo
    Posts
    32,478
    Thanks
    44
    Thanked 5,328 Times in 3,113 Posts

    good idea. But there are easier ways to get your passwords

  17. #14
    Custom Title angiepangie's Avatar
    Join Date
    Jun 2009
    Location
    The Golden State :)
    Posts
    3,844
    Thanks
    22
    Thanked 222 Times in 211 Posts

    Quote Originally Posted by Melech518 View Post
    Don't hijack this thread. It has absolutely nothing to do with a jailbeak...
    Visit Dev-Team Blog for info on a jailbreak
    Please don't
    I'm going crazy with the "When is 3.1 jailbreak out?" posts...
    I always feel sorry for the guy in the iPhone commercials. He always gets a call right in the middle of trying to do something

  18. The Following User Says Thank You to angiepangie For This Useful Post:

    iH85CH001 (02-01-2014)

  19. #15
    Retired Moderator StealthBravo's Avatar
    Join Date
    Jan 2008
    Location
    TX  Follow me @StealthBravo
    Posts
    32,478
    Thanks
    44
    Thanked 5,328 Times in 3,113 Posts

    Someone leaked the 3.1 jailbreak on the dev teams blog several hours ago. Wow that must be annoying to deal with those guys posting it every 30 minutes. Dev-Team Blog


    Did you erase it angiepangie?

  20. #16
    Custom Title angiepangie's Avatar
    Join Date
    Jun 2009
    Location
    The Golden State :)
    Posts
    3,844
    Thanks
    22
    Thanked 222 Times in 211 Posts

    They did?! Where??
    Perhaps Confucious got to it.. idk.
    I always feel sorry for the guy in the iPhone commercials. He always gets a call right in the middle of trying to do something

  21. #17
    Green Apple
    Join Date
    Nov 2008
    Posts
    38
    Thanks
    10
    Thanked 12 Times in 6 Posts

    Quote Originally Posted by StealthBravo View Post
    Someone leaked the 3.1 jailbreak on the dev teams blog several hours ago. Wow that must be annoying to deal with those guys posting it every 30 minutes. Dev-Team Blog


    Did you erase it angiepangie?
    Now you have an accomplice to help you stir the pot?
    I wish I would have thought of that !
    I bet the dev teams blog is now getting blown up with even more hits than it already was.

  22. #18
    Custom Title angiepangie's Avatar
    Join Date
    Jun 2009
    Location
    The Golden State :)
    Posts
    3,844
    Thanks
    22
    Thanked 222 Times in 211 Posts

    I didn't see it.
    Stealth was it on the main post or on an older one?
    I always feel sorry for the guy in the iPhone commercials. He always gets a call right in the middle of trying to do something

  23. #19
    My iPhone is a Part of Me
    Join Date
    Dec 2008
    Location
    New Orleans, LA
    Posts
    950
    Thanks
    56
    Thanked 81 Times in 64 Posts

    3GS - 3.0.1 Yep, it works. And definitely not worth losing tethering or my jailbreak altogether.
    Does this rag smell like chloroform to you?

    If I helped you, be sure to press the Thanks! button over there ->
    If I didn't, press it anyway.

  24. #20
    Custom Title angiepangie's Avatar
    Join Date
    Jun 2009
    Location
    The Golden State :)
    Posts
    3,844
    Thanks
    22
    Thanked 222 Times in 211 Posts

    OOOOOHHHHHHHH man... I just got you Stealth..
    dammmmnnnnnn I was taking you seriously...
    Never againn...
    I always feel sorry for the guy in the iPhone commercials. He always gets a call right in the middle of trying to do something

Posting Permissions
  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts