Ever since Apple has launched the iPhone, it has been plagued with
variations of a security bug that allows someone to get access to your iPhone's contact list or make FaceTime calls even if you have passcode
enabled (more details here, here and here).
iPhoneIslam - developers of jailbreak tweaks such as PhoneIt-iPad and FaceIt-3GS have discovered a new variation of this security bug.
RedmondPie's Paul Morris explains how to replicate the bug based on the video posted by iPhoneIslam:
The issue is by
no means a simple vulnerability to replicate but occurs when attempting
to reply to a missed call notification from the lockscreen while the
network is ‘searching’ for a signal. The iPhone Islam team replicate the
search network requirement by removing the SIM card, waiting until
searching shows up in the top left hand corner of the device and then
swiping the missed call notification on the lockscreen to reply to the
call.
It would obviously work a lot better in locations without any
network coverage, but once they got the timing right, the device
immediately gave access to the Phone application on the iPhone,
presenting the user with access to all recent calls, favorites,
voicemails and even the entire Contacts list. Accessing the Contacts
list and viewing an individual contacts data also allows quick launch of
the SMS and email applications.
While the vulnerability seems quite
difficult to replicate based on the number of times iPhoneIslam had to
try to demonstrate the security bug, it's a bug nonetheless. It remains
to be seen if Apple deems it to be critical enough to fix it in the
upcoming iOS 5.1 software update that is expected to released on or around March 9th.
[via Redmond Pie]
0 Comment
Post a Comment