What is it with Apple? Can’t they make their devices actually work properly from a security standpoint? Given the fact that millions of businesses are moving to standardise on them, you’d think they’d have thought a little bit more carefully about getting the basic security correct.
What’s the problem? Well, it’s simple: Even if your iPhone is ‘protected’ with a security passcode, you can bypass that with a few clicks to access the device address book. And Global Address Book, if available. You can also make phone calls.
Yes, you read that right.
You can pick up any ‘locked’ iPhone and tip-tap-tip, you can make phone calls and mess around with the address book. I’ve ‘hacked’ my iPhone 4 with the technique.
A bug in Apple’s iPhone OS gives thieves a way to unlock stolen iPhones and make telephone calls.
The flaw was first reported late Friday on the MacRumors discussion forum and is very much like other, similar bugs discovered in iOS over the past few years. In an Internet video, one user shows how it works on a phone that requires a security passcode before it will work. By hitting the Emergency Call button and then tapping ###, Call, and then quickly hitting Lock, he is able to open up the iPhone’s Phone program, look up the owner’s contacts and make telephone calls to any phone number.
No other iPhone applications are accessible, however, so the bug can’t be exploited to, say, send or read e-mail messages.
Every security chief at every Fortune 250 company that has recently deployed iPhones will be having kittens right now.
It’s not a *MASSIVE* gaping hole — it’s only the address book — but that’s enough to give most security people palpitations.
Is this why, if you’re doing anything on iPhone, you should be using Good Mobile Messaging? Or simply, sticking with RIM?