digg

Facebook Connect Join Digg About
See the original image at gizmodo.com

Huge iPhone Security Flaw Opens All Private Information

gizmodo.com There's a huge security problem in the latest iPhone 2.0.2: if you have your JesusPhone password protected, using a very simple trick gives anyone full access to your cellphone private information in Mail, SMS, Contacts, and even Safari. The two-step trick is even simpler to the one used in the past to jailbreak and install unlock cards.

Who dugg this? Made popular Aug 27, 2008

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

288 Comments

show profanity settings
expand all
  • whakojacko, on 08/27/2008, -28/+177Waiting for the hardcore apple fans to say "this isnt a big security flaw".

    Apple is going to have lots of fun pushing the jesusphone to businesses with issues like these
  • lochness, on 08/27/2008, -42/+153So when is Microsoft going to FIX this... ? oh... wait... it's Apple...
    Welcome to the Big Boys table fanboi's...
  • inactive, on 08/27/2008, -4/+109I see a lot of broken marriages coming.
  • hughesj919, on 08/27/2008, -17/+104If someone has physical access to your iPhone, you're already
    screwed anyways. Just like a laptop or something. If someone has
    physical access to it, and they're smart enough, there probably isn't
    much they can't do.
  • DCGaymer, on 08/27/2008, -7/+91D'OH! I just put all my credit card info into contacts in case I had an emergency.

    /em facepalm
  • NoCt1, on 08/27/2008, -27/+102no because windows mobile has already damaged the phone.
  • pcayuela, on 08/27/2008, -50/+112Nice security hole... Let's go back to Windows Mobile ;-)
  • polarfuxx, on 08/27/2008, -5/+55Well, this is very annoying. A nice workaround to avoiding this can be to put the doulbe-click home button e.g. to the iPod. Then other persons can only see what your listening to and maybe damage your music library but they won't see personal data or be able to navigate from one function to another.
  • inactive, on 08/27/2008, -9/+44Exactly. There are already people making excuses. There are no excuses for a security breach of this nature. Period.
  • yossarian24, on 08/27/2008, -16/+48you have to physically have their phone to exploit this... if you physically had someones windows mobile phone you wouldn't be able to do equally damaging things?
  • inactive, on 08/27/2008, -6/+38Hmmm. It occurs to me that if I have your phone in my hand, iphone or not, and it's got a sim card in it, all your information belongs to me despite any soft protection the operating system of the phone in question is using to guard it.
  • Narfmaster, on 08/27/2008, -7/+36Not good, but then I'm not stupid enough to leave it lying around.
  • mattsxb, on 08/27/2008, -1/+29just tried it in 2.0.1 and same results as 2.0.2
  • bryanwebster, on 08/27/2008, -1/+27This security flaw works on my iphone 3g
  • orlyfactor, on 08/27/2008, -10/+32Set your double click to the iPod and it's "fixed".
  • SonicEarth, on 08/27/2008, -14/+36Workaround: Just don't lose your phone.
  • thelizardreborn, on 08/27/2008, -6/+27Not if its password protected. The point of the password is to keep others from having physical access to the phone.

    This may not allow things that are more damaging than Windows Mobile, it just makes it much MUCH easier to do those damaging things. Especially after this article circulates through Digg and other sites.
  • killerknives, on 08/27/2008, -4/+24wouldnt be so bad if you hadn't just told everyone
  • inactive, on 08/27/2008, -4/+23No, they should just lock the home button and that's it. This is a stupid bug, with very dangerous consequences. To some people, anyway :-)
  • r4agreements, on 08/27/2008, -2/+20Theres another work around. Download the Mission Impossible app. The phone will self destruct if you entered the settings correctly.
  • ToastPop, on 04/17/2009, -0/+16The phone syncs with your e-mail, calendar, and address book, where pretty much everyone keeps personal information. And if you don't use these features, why do you have an iPhone?
  • bryanwebster, on 08/27/2008, -3/+19This is a big security flaw.

    Also just by tapping the emergency call button you can call any number you like, usually in the uk the only number that can be dialed from a phone with a physical keypad whilst the keypad is locked is 999
  • BrendanSheehan, on 08/27/2008, -8/+23Well I don't have this issue with my iPhone, you pick mine up without my permission you get a black eye ;)

    And that's with no passcode.
  • ferrariman60, on 08/27/2008, -8/+23Yeah, my company won't even talk to people about putting iphones on the company exchange server. Sure, Win Mo is slow, it sucks, yadayadayadayada, but when it comes down to it, the iphone simply isn't secure, or anything near it. Let's not forget that Jailbreaking is just exploiting a security hole to get full access to the phone.

    For businesses, it's Win Mo or Blackberry. It's that simple. Apple's got a long way to go before it's ready for an enterprise environment.
  • eimantas, on 08/27/2008, -5/+17although i protect my iPhone with password (from my gf 'n such), but this is somewhat real issue. I am apple fanboy, but this is big. it kinda makes me wanna laugh .)
  • mikegcallahan, on 08/27/2008, -1/+13It's amazing how shortsighted some people can be. Spies?

    Do you realize that the iPhone wants to be in the enterprise? There, ALL communications are confidential.
    What about if you are having an affair and your spouse gets into your email or SMS?

    This is a huge security flaw and any infantile excuses is not going to make up for it. I´m glad Apple is not as retarded as some of its fanboys.
  • secrity, on 08/27/2008, -2/+14From past news articles, it seems that some clebrities keep private and important information on a cell phone.
  • inactive, on 08/27/2008, -4/+15Who the ***** cares? There are millions of iPhones with 2.0.2 there. This a huge security flaw no matter if you are an Apple fanboy, an MS fanboy, or the Pope.

    Denying reality won't help you or Apple. Fortunately for all of us iPhone users, Apple is not going to apologize and will probably fix this as soon as possible.

    In the meantime, the article has been updated with a workaround to avoid it, but unfortunately the hole is there and not everyone is going to learn about the user-driven "fix".
  • orlyfactor, on 08/27/2008, -0/+11You're wrong.
  • secrity, on 08/27/2008, -1/+12Can it be remotely erased, like Blackberrry can be?
  • bigsteve, on 08/27/2008, -0/+11My RAZR was very very secure. After 18 months of operation, it simply stopped showing everything I was doing on the LCD. Just went white.

    Now -that- was a secure phone. Couldn't see *****.
  • digggggggggg, on 08/27/2008, -4/+14This is certainly not good, but it would be naive to believe that the password feature would make any phone completely secure.

    Same thing goes with computers - you can get root access to just about any computer you have physical access to. Only way around this is to encrypt every bit of information.
  • cthellis, on 08/27/2008, -1/+11"Password protection" never works in Windows either, however. (BIOS passwords can be flashed. OS passwords can be overwritten with another boot disk and the right program.) You need to go full-bore, full-strength data encryption to actually have a chance of securing your data, and almost no one does that. If people who are actually concerned about their data DON'T do that...? Well, they're *****.

    Physical access basically means you're screwed.
  • bxblox, on 08/27/2008, -2/+12Hopefully you're not stupid enough to get mugged or burglarized either.
  • Diggnabbit, on 08/27/2008, -5/+15I guess this is a security flaw. But, I don't know that it concerns me that much. I don't even have my phone password protected and I don't know anyone else who does.

    Are people really most concerned about security in terms of what happens when someone gets your phone? I would think that the real concern would be it getting hacked while still inyour possession.
  • BrendanSheehan, on 08/27/2008, -1/+10Yeah, but you need Exchange activated on it - which non-enterprise users won't have setup.
  • kevinwiz, on 08/27/2008, -2/+11Ya! You don't need car insurance either! just don't get into accidents!
  • yokozuka, on 08/27/2008, -2/+11And, potentially, a whole barrage of lawsuits of the "Divorcee vs Apple Inc."

    Oh the possibilities.
  • iamthearm, on 08/27/2008, -3/+11Love the Apple slams. Dugg.
  • jakem1, on 08/27/2008, -1/+9Where's Clak?
  • utexas112, on 08/27/2008, -1/+9Phew, thank god someone revealed the h4x on the front page of digg.. otherwise, the secret REALLY could have gotten out!
  • poploserdigg, on 08/27/2008, -3/+11not to worry - the wannabee trendy Digg losers who bought an iphone can't get one woman to pork them, much less two.
  • MadHarvey, on 08/27/2008, -2/+10If someone has physical access to the device there is really nothing you can do unless you encrypt everything. Passwords don't do anything except extend the amount of time it takes to access your data..
  • darkknightita, on 08/27/2008, -3/+11OMG owned :)
  • polarfuxx, on 08/27/2008, -0/+8maybe apple is planning to create a new unit for lawers specialized in divorces? hehe
  • niznik, on 08/27/2008, -1/+8You are 100% correct! Apple - What the hell? When I lock my phone I want it sodding locked but for 999 calls. I can't believe that I can just manually dial numbers!

    This is completely unacceptable.
  • martinherrera, on 08/27/2008, -0/+7yes there is, they can get a blackberry which encrypts the data on the device itself.
  • jkoke, on 08/27/2008, -0/+7If you actually had an iPhone, you'd know that hitting the "emergency call" button on a locked phone brings up the keypad. It doesn't dial 911 automatically.
  • inactive, on 08/27/2008, -2/+9Just set your "double tap home" not to go to favorites ;)
    Problem solved.
  • Cr85bro13, on 08/27/2008, -0/+7You tried to sound smart but failed by misspelling kernel. We're also talking about iPhones here, not PSPs.
  • Fetching more discussions...
    Show 51 - 100 of 290 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...

© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.