X

Security hole opens up password-protected iPhones

Users report serious security flaw in iPhone 2.0.2 that exposes mail, texts, voice messages, and browser to strangers despite the device being password-protected.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills

A serious security hole in the latest iPhone software exposes e-mail, text, and voice messages to whoever gets a hold of the device despite it being password-protected.

Basically, clicking emergency call and double-clicking the "home" button brings up the favorites on iPhone 2.0.2, which opens up the address book, the dial keypad and voice mail, according to a report on Engadget, which got the tip on the hole from the MacRumors Forum.

Then, clicking on the blue arrows next to the names gives access to private information in a favorite entry, clicking in a mail address opens up the mail application, clicking on a URL in the contact information opens up Safari, and clicking on "send a text message" in a contact gives full access to the text messages.

The report suggests using the "home" setting so that double-clicking on the home button will take whoever is holding the phone to the unlock screen page.

Engadget reports that a fix for the hole will be included in the next firmware update, but it's not known when that update will come.

Representatives from Apple did not respond to e-mails seeking comment.