Security hole opens up password-protected iPhones

Users report serious security flaw in iPhone 2.0.2 that exposes mail, texts, voice messages, and browser to strangers despite the device being password-protected.

A serious security hole in the latest iPhone software exposes e-mail, text, and voice messages to whoever gets a hold of the device despite it being password-protected.

Basically, clicking emergency call and double-clicking the "home" button brings up the favorites on iPhone 2.0.2, which opens up the address book, the dial keypad and voice mail, according to a report on Engadget, which got the tip on the hole from the MacRumors Forum.

Then, clicking on the blue arrows next to the names gives access to private information in a favorite entry, clicking in a mail address opens up the mail application, clicking on a URL in the contact information opens up Safari, and clicking on "send a text message" in a contact gives full access to the text messages.

The report suggests using the "home" setting so that double-clicking on the home button will take whoever is holding the phone to the unlock screen page.

Engadget reports that a fix for the hole will be included in the next firmware update, but it's not known when that update will come.

Representatives from Apple did not respond to e-mails seeking comment.

Tags:
Security
About the author

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.

 

Join the discussion

Conversation powered by Livefyre

Show Comments Hide Comments
Latest Galleries from CNET
Nissan gives new Murano bold style (pictures)
Top great space moments in 2014 (pictures)
This is it: The Audiophiliac's top in-ear headphones of 2014 (pictures)
ZTE's wallet-friendly Grand X (pictures)
Lenovo reprises clever design for the Yoga Tablet 2 (Pictures)
Top-rated reviews of the week (pictures)