Security Bug in iOS 5.0.1 Gives Access to iPhone Contacts Despite Passcode Protection


Ever since Apple has launched the iPhone, it has been plagued with variations of a security bug that allows someone to get access to your iPhone’s contact list or make FaceTime calls even if you have passcode enabled (more details herehere and here).

iPhoneIslam – developers of jailbreak tweaks such as PhoneIt-iPad and FaceIt-3GS have discovered a new variation of this security bug.

RedmondPie’s Paul Morris explains how to replicate the bug based on the video posted by iPhoneIslam:

The issue is by no means a simple vulnerability to replicate but occurs when attempting to reply to a missed call notification from the lockscreen while the network is ‘searching’ for a signal. The iPhone Islam team replicate the search network requirement by removing the SIM card, waiting until searching shows up in the top left hand corner of the device and then swiping the missed call notification on the lockscreen to reply to the call.

It would obviously work a lot better in locations without any network coverage, but once they got the timing right, the device immediately gave access to the Phone application on the iPhone, presenting the user with access to all recent calls, favorites, voicemails and even the entire Contacts list. Accessing the Contacts list and viewing an individual contacts data also allows quick launch of the SMS and email applications.

While the vulnerability seems quite difficult to replicate based on the number of times iPhoneIslam had to try to demonstrate the security bug, it’s a bug nonetheless. It remains to be seen if Apple deems it to be critical enough to fix it in the upcoming iOS 5.1 software update that is expected to released on or around March 9th.

[via Redmond Pie]