Anuser has found a way to bypass the handset's passcode lock screen and access the phone application.
A few button presses are all that's involved. When faced with the passcode lock screen, tap emergency call, type in a random number, tap the call button, and press the lock button on top of the phone immediately after. Hey presto! You're into the phone application, where you can have a good nose through the call history, voicemails and address book, and make calls too. You can also select a contact in the address book to send emails and MMS messages.
The flaw affects iOS 4.1, an operating system update for the iPhone 4, 3G and 3GS. The issue was discovered by a member of the Mac Rumors forum. A Boy Genius Report video of the flaw can be seen below.
We've tested the vulnerability. It works and it's bad -- but it's not as bad as it could have been. As the home button is inactive, you can't leave the phone application without placing a call. Once you've made a call, you're sent back to the passcode screen. It's not as bad as someone having complete access to the handset, then.
This isn't the first time security issues have affected the iPhone. Last year, researchers demonstrated how an attacker could use special text messages to take complete control of an iPhone. More recently, hackers discovered you could take control of an iPhone 4 by using the same vulnerability that's been used to jailbreak it. The passcode flaw will undoubtedly be fixed via an update soon.
If you have an iPhone, try out the passcode trick and let us know what you make of it in the comments section below.
Image credit: Engadget