Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.
09-13-2009, 07:59 PM #1
iPhone Security Hole Discovered - View iPhone Passwords
Just submitted to Apple as a bug, rpetrich (developer of the ActionMenu packages in Cydia) discovered an interesting security bug in the iPhone firmware.
If a password is inputted in a field, shake to undo, and you will be able to see the character you are deleting. Simply repeat this for every character, and you have the password.
Obviously this isn't an issue that would be useful for those with a criminal bent, as you'd have to be within grabbing distance of someone who input their password, DIDN'T navigate off the page, and then left their iPhone... but a security bug none-the-less. EDIT: rpetrich lets us know, this also works in any apps that save passwords (such as most Twitter apps) - making this bug much more severe.
EDIT AGAIN: This seems to have been fixed in FW 3.1. Which is NOT a good enough reason to upgrade yet, heh - wait for the jailbreak.
EDIT 3: The guys over at NeoWin made up a video showing this bug:
You can submit security bugs to Apple here.
↑ ↑ ↓ ↓ ← → ← → B A [select] [start] Kyle Matthews
09-13-2009, 08:04 PM #2
What about the ones who have auto-fill turned on? Doesnt that remember passwords hence the bug would work for someone to steal your password if they had your device?
09-13-2009, 08:28 PM #3
oh my oh my now thats scary =S
which FW s this for??...3.1??
Last edited by FURBY8704; 09-13-2009 at 08:36 PM.
iPHONE 3G FW 4.0 JB & iPHONE 4 4.0 READY TO BE JB=]
09-13-2009, 08:57 PM #4
Hmmm tried it on my phone in Safari but doesn't seem to happen to me. Maybe I'm doing it wrong? On iPhone 3G 3.1
09-13-2009, 09:01 PM #5
its not a defect...its a feature..
09-13-2009, 09:41 PM #6
09-13-2009, 09:59 PM #7
ya this didnt happen to me in the youtube app
09-13-2009, 10:01 PM #8
all i wanna know is "will i ever be able to jailbreak 3.1 or not??"
09-13-2009, 10:11 PM #9
Visit http://blog.iphone-dev.org/ for info on a jailbreak
The Following User Says Thank You to Melech518 For This Useful Post:
09-13-2009, 10:44 PM #10
if you are trying to do it yourself to see if it works, you have to wait a bit after you type your password or after you start to delete each character or else when u shake to undo, it will undo the whole password or all of the deletes you did to get to the other characters (if that makes sense) ... this bug def works so an easy fix would be not to auto save passwords or keep your phone tight in your hands when inputting a pw
09-13-2009, 10:53 PM #11
It works and is amazing.
09-13-2009, 11:19 PM #12
09-13-2009, 11:28 PM #13
good idea. But there are easier ways to get your passwords
09-13-2009, 11:35 PM #14
The Following User Says Thank You to angiepangie For This Useful Post:
09-13-2009, 11:38 PM #15
09-13-2009, 11:40 PM #16
They did?! Where??
Perhaps Confucious got to it.. idk.I always feel sorry for the guy in the iPhone commercials. He always gets a call right in the middle of trying to do something
09-13-2009, 11:56 PM #17
09-14-2009, 12:00 AM #18
I didn't see it.
Stealth was it on the main post or on an older one?I always feel sorry for the guy in the iPhone commercials. He always gets a call right in the middle of trying to do something
09-14-2009, 12:29 AM #19
3GS - 3.0.1 Yep, it works. And definitely not worth losing tethering or my jailbreak altogether.Does this rag smell like chloroform to you?
If I helped you, be sure to press the Thanks! button over there ->
If I didn't, press it anyway.
09-14-2009, 12:31 AM #20
OOOOOHHHHHHHH man... I just got you Stealth..
dammmmnnnnnn I was taking you seriously...
I always feel sorry for the guy in the iPhone commercials. He always gets a call right in the middle of trying to do something