You're a smart, safety conscious iPhone user, right? You keep the phone set to require a 4-digit passcode every time it wakes up, so if you ever lose your baby, all your personal information is safe. But if you are running v2.0.2 of the iPhone operating system, you might as well not bother. A simple hack will get anybody past your PIN code with free access to all your mail, contacts and bookmarks. Ouch!
Acting on a tip from the Mac Rumors forums, Gizmodo's Jesus Diaz whipped up a video of the exploit in action, a ridiculously easy two-step process:
1. Tap emergency call.
2. Double tap the home button.
This drops you into the iPhones "favorites" section. From here you can make calls or send e-mail, and with a few steps you can browse to the Address Book and then on to Mail, Safari or the SMS application.
HOW TO FIX THE FLAW: Fortunately, Jesus gives us a workaround:
- Go to your iPhone's Settings screen.
- Tap on General.
- Select the Home Button option.
- Set the home button's double-tap action to something other than "Phone Favorites" -- either "Home" or "iPod."
Despite the easy fix, this is exactly the sort of thing Apple doesn't want to happen. It hardly inspires credibility for the iPhone as a secure business device.
We expect it'll be fixed in v2.1, or maybe Apple will roll out a 2.0.3 update to fix it. Until then, we can add it to the long list of Apple's iPhone 3G embarrasments.
Huge iPhone Security Flaw Puts All Private Information at Risk [Gizmodo]
