iPhone Bug Allows FaceTime Calls Even With Passcode Lock

Facetime

A bug in iOS 5.0.1 can let a rogue person, in possession of your passcode protected iPhone 4 or iPhone 4S with voice dialing deactivated, make FaceTime calls and view certain fields of your contacts from the lock screen.

The hack, which was discovered by Canadian tech writer Ade Barkah, exploits the Emergency Dialer accessible via the lockscreen to accomplish this task.

You could reproduce this bug on your passcode protected iPhone with voice dialing disabled following these steps:

  • “Slide to unlock” on the lockscreen, and instead of entering the passcode, hit the “Emergency Call” button to get the emergency dialer.
  • Now long press the home button to bring up Voice Control and try to FaceTime with any of your contacts.
  • The call goes through, and you’ll be able to FaceTime with a person from your locked phone.

Even if a person in your contact list doesn’t have FaceTime set up, you can see the contact’s image on the screen.

Although the same process could be replicated for voice calling a person, the voice call doesn’t actually go through, but it could be used to reveal other information as explained below.

The loophole could be used to see certain details of a contact by a hit and trial method. For instance, you have two entries for a contact named “Bob,” and you tell Voice Control to “Call Bob,” it would present the full names of both Bobs. Similarly if a contact has two phone numbers, with one of the phone numbers filed under a custom field, Voice Control would present both these fields (not the number), which could potentially leak private information.

This isn’t a very serious flaw, though. For starters the phone would need to be connected to a Wi-Fi network. If it is, the person in possession of your phone would need to have some knowledge of your address book. And since the problem is only with Voice Control and not Siri, majority of iPhone 4S users won’t be affected. (Only when Siri is disabled, does Voice Control show up.)

It is a bug nonetheless, and Apple would most likely fix this in the upcoming iOS 5.1 update.

Ade has, in the past, discovered similar bugs which make information that should ideally be private, accessible via the lock screen.

Does this sound like a security threat to you?

[Peekay via CNET]

  • Apple

    This is solved in 5.1 Beta

  • http://www.gyemen.com شات يمني,دردشة يمنية

    nothing in this world is bug free

  • What ever

    meh

  • http://www.motorbeam.com/ fas

    How come Apple still has so many errors in IOS?

  • ExRoot

    Meh……..Actually not that big of a deal to me.

  • VincentN

    I found another similar bug on an iPhone 4 running on iOS 5.0.1:
    A missed called can be called from the lockscreen just making a slide to the right, even if your phone is password protected !!
    You’re not asked your password, the call goes through !
    Nice bug isn’t it ?
    Anyone noticed this too ?

    Vincent

  • mohd

    this is actually a good bug this way if somebody stole your iphone u can call facetime maybe they’ll answer it and u can see their face , Voilà……

  • Dom

    This bug also works on a 4th generation iPod touch — just activate Voice Control from the lock screen and say “FaceTime (one of your contacts).”