Some members of Macrumors forums have discovered a security flaw in iOS 4.1.
The security flaw allows someone to get access to the iPhone Contacts and also send an email or MMS even with passcode protection using a combination of a sleep button and fake emergency call even if it is locked with a passcode.
MacStories explains how the bug can be reproduced:
To reproduce the bug, make sure to have a passcode lock turned on and lock your device. In the lockscreen, tap on Emergency Call in the lower left corner. Now type a non-existent emergency number, I tried #946494. Start the call, and as soon as the red button appear hit the sleep button. You’ll be brought to the contact list.
I also noticed that while in this “forced Phone.app mode” you can’t go back to the homescreen but you can invoke the multitasking tray, even if tapping on apps won’t work. I was able to make SBSettings (jailbreak required) appear, but it didn’t work either. To return to the lockscreen from this forced mode, start a new call and end it. As @abrahamvegh also points out, trying to force quit the phone app will open Voice Control. It looks like you won’t be granted full access to the device through this flaw, but you’ll be able to make phone calls and access contacts nonetheless.
MacStories also reports that using the security flaw someone can also send emails and MMS:
the Field Test application won’t start either in the “protected mode”, but you’ll be able to gain email access. Tap on a contact, then “share contact” and boom – you can send an email. As you can guess, email access exposes all your configured email address and contacts. MMS sharing works as well.
MacMagazine (Brazil) has published a video, which shows how the bug can be reproduced:
We were able to reproduce the bug. The security flaw has already been reported to Apple so lets hope that it is fixed in iOS 4.2, which is expected to be released in November.
Let us know if you are able to reproduce the bug.