Security Bug in iOS 5.0.1 Gives Access to iPhone Contacts Despite Passcode Protection


Ever since Apple launched the iPhone, it has been plagued with variations of a security bug that allows someone to get access to your iPhone’s contact list or make FaceTime calls even if you have a passcode enabled (more details here, here and here).

iPhoneIslam, the developers of jailbreak tweaks such as PhoneIt-iPad and FaceIt-3GS, have discovered a new variation of this security bug.

RedmondPie’s Paul Morris explains how to replicate the bug based on the video posted by iPhoneIslam:

The issue is by no means a simple vulnerability to replicate but occurs when attempting to reply to a missed call notification from the lockscreen while the network is ‘searching’ for a signal. The iPhone Islam team replicate the search network requirement by removing the SIM card, waiting until searching shows up in the top left hand corner of the device and then swiping the missed call notification on the lockscreen to reply to the call.

It would obviously work a lot better in locations without any network coverage, but once they got the timing right, the device immediately gave access to the Phone application on the iPhone, presenting the user with access to all recent calls, favorites, voicemails and even the entire Contacts list. Accessing the Contacts list and viewing an individual contact’s data also allows quick launch of the SMS and email applications.

While the vulnerability seems quite difficult to replicate, judging by the number of attempts iPhoneIslam needed to demonstrate it, it’s a bug nonetheless. It remains to be seen if Apple deems it critical enough to fix in the upcoming iOS 5.1 software update, which is expected to be released on or around March 9th.

[via Redmond Pie]


  • Chris

    Does this bug affect 5.0.1? Seems kinda silly to be reporting on security flaws in versions of iOS that are still only available to developers IMO.

    • http://www.iphonehacks.com/ iPhoneHacks

      The bug affects iOS 5 and iOS 5.0.1 according to the developer. We’ve updated the title of the post. Sorry for the confusion.

  • http://eazynetbiz.ws Kao Saephan

    So it requires physical access to the iphone? It’d be a security bug if someone can access it remotely. These reports are being blown out of proportion. Physical access to any computer device will compromise it.

    There’s already a solution to this “bug.” If someone loses their phone, remote wipe it and be done. I’m sure the finder won’t be returning that phone, ever.

  • http://www.motorbeam.com/ fas

    But how did Apple miss this?

  • Kiwiholden

    I love these bugs cos from the contact list u can get to photos and see ppls sex pics that they thought their passcode was keeping safe

  • Trapp

    Christ is Your life like divided between eating kebabs and finding stupid ios haxes? What a crap Who cares!?