Another iPhone Security Hole in Password-Protected Mode

Phones

Another iPhone Security Hole in Password-Protected Mode

Posted by Matt Buchanan at 8:40 AM on October 7, 2008

While this iPhone security hole isn't nearly as gaping as the last one we covered (which was fixed by Apple), it too exploits the emergency call feature in password-protected mode. In password-protected mode, there's an option to disable SMS preview, so if someone picks up your locked phone, they can't see incoming text messages. However, if you activate a locked phone's emergency call mode, and it receives a text message, it'll show you the full text in preview. And yes, this is with 2.1. Again, a sorta minor security oversight, but if you're super-secret about your texts (for whatever reasons), this is definitely a problem and needs to be fixed in the next update. [Karl Kraft via Daring Fireball]

Next Story: CNN Responds To Giz's Pundit-Laptop Baseball-Watching Exposé »

« Previous Story: DARPA Working on a Submersible Aircraft That Can Go From Air to Sea

Comments (AU Comments · US Comments)

There are currently no AU comments for this post.

Dunny0, Team T/A

Posted 10:12 AM 7/10/08

How is this a "Security" flaw?
Flaw, yes.

Security? No.

Dunny0, Team T/A

Twenty5

Posted 9:58 AM 7/10/08

...... come on people..

this is getting ridiculous... i know that is a flaw, but seriously, what kind of messages would be THAT secretive? (well... some people maybe...)

I know i will get flamed by the comment i just made....

Twenty5

DustyButt

Posted 9:51 AM 7/10/08

*** MARDI GRAS STYLE ***

Show us your texts!

DustyButt

Pwnage

Posted 9:42 AM 7/10/08

YEAAAAAAH...
About that....
That would be a definite problem -- ahem, you don't wanna see my txts!

Pwnage

codemagic

Posted 10:29 AM 7/10/08

@Twenty5: Umm, tell that to the Congressional guy that got nailed texting to the teenage boy page working 'under' him.

codemagic

Number_41

Posted 10:18 AM 7/10/08

Old news:

[iclarified.com]

Enjoy.

Number_41

MeanMF

Posted 10:15 AM 7/10/08

@Dunny0, Team T/A: There are authentication systems that send you a one-time-use password via SMS message. This would expose that password to somebody who has stolen your phone. [en.wikipedia.org]

MeanMF

purple-pillows

Posted 10:14 AM 7/10/08

@Twenty5: i dont want my girlfriend reading my texts from my other girlfriend... that would be disaster... but first i need one girlfriend

purple-pillows

Derek Devine

Posted 10:49 AM 7/10/08

Old News

Derek Devine

Dunny0, Team T/A

Posted 10:35 AM 7/10/08

@MeanMF: Considering I just did that today with my bank account, I probably should have thought about that... Of course, I'd had to already log into my account, meaning any attacker would also have to compromise that portion too.

Still, good point. Thanks for clarifying!

Dunny0, Team T/A

R2B2

Posted 10:54 AM 7/10/08

But what if you want to text the asshole that stole your phone?

R2B2

DaSmith

Posted 8:30 PM 7/10/08

So what if you do text him? He'll be scared and bring it back?

DaSmith

OprahBabb

Posted 8:46 PM 7/10/08

I can think of one security flaw. In order for me to "register" my computer for online banking I have the option of sending the activation code by text to my phone. Well, you get the idea.

OprahBabb

Posted 8:45 PM 7/10/08

Clever girl! :-)

OprahBabb

Post Your Comment

Gizmodo Australia moderates comments to avoid spam and abuse. We're looking for comments that are interesting, substantial and/or highly amusing. HTML is not accepted.

You must supply a name and your email address.

Name:

E-mail:

URL:

Remember me on this computer

Your comments: