Features Podcasts Family Video Comics Music Tech Science Books Film & TV Games ✚

Jill

iPhone "secret button sequence" security flaw: fix promised in November

Xeni Jardin at 1:13 pm Tue, Oct 26, 2010

— FEATURED —

Feature

Eurovision 2013: An American in London

Book Review

The Twelve-Fingered Boy - mesmerizing YA horror novel

Book Review

Black Code: how spies, cops and crims are making cyberspace unfit for human habitation

— FOLLOW US —

Boing Boing is on Twitter and Facebook. Subscribe to our RSS feed or daily email.

 

— POLICIES —

Except where indicated, Boing Boing is licensed under a Creative Commons License permitting non-commercial sharing with attribution

 

— FONTS —

Tweet
Kindle
An iPhone 4 security flaw makes it possible to bypass a passcode-protected lock screen with a few button presses: tap the "Emergency Call" button, then enter three pound signs, hit the green Call button and immediately press the Lock button. Voilá, full access to the phone function, including contacts, voicemail, and call history. Apple has acknowledged the issue and promises a fix in November. More: 9to5Mac, Wired News, MacRumors.

Boing Boing editor/partner and tech culture journalist Xeni Jardin hosts and produces Boing Boing's in-flight TV channel on Virgin America airlines (#10 on the dial), and writes about living with breast cancer. Diagnosed in 2011. @xeni on Twitter. email: xeni@boingboing.net.

MORE:  Gadgets • Technology

More at Boing Boing

Eurovision 2013: An American in London

The technology that links taxonomy and Star Trek

  • Cowicide

    hahaha… I’d like to see Steve somehow spin this into a feature.

    • Gutierrez

      This feature is for our more forgetful users who can never seem to remember their passcode. It also allows quicker access for our experts at the Genius Bar to give you quality service on your iPhone without needing to give your passcode out publicly in the Apple Store.

      Spun.

      • DancingNoDancing

        To continue Gutierrez’s pitch-perfect spin:

        The problem is not the existence of this sequence but the fact that it’s being published widely by irresponsible bloggers. Can you believe those guys?

  • HornCologne

    Up, Up, Down, Down, Left, Right, Left, Right, B, A.

    That is all.

  • kateling

    Well, obviously. That’s the first thing I tried.

  • monospace

    You can’t get to the home screen by trying to text them. In fact, sending a text doesn’t work. “Sharing” a contact via MMS may work, but you’re still not getting to the home screen.

  • sum.zero

    “you’re locking it wrong.” ;)

  • Oren Beck

    One plausible but still not good “reason” for the sequence might be to give ICE access. Having an ICE entry in your phone sort of fails if EMS or Hospital workers cannot access it. Call it balancing privacy risks Vs survival. A partial comparison to the “Knox Box” key safe systems? The ones where you have to balance Fire/EMS access to your door key against fire losses/someone dying while EMS tries to get entry.

    A similar type of security and survival being a balance, is evident in several initially ad-hoc ICE= In Case of Emergency projects. Overview being a small metal tube with threaded end cap that holds a flash drive with your medical files. If it’s encrypted and the key is hard to quickly access, you might be dead. Though having someone find your unencrypted medical files could be another sort of Ungoodness.

  • Anonymous

    I think it is a feature for corporate IT departments, so they can help out dumb users who have forgotten their passwords.

  • agger

    If iOS were free software, everybody could be fixing this for themselves right now – they didn’t have to wait for Apple’s stupid “update”. Which is why, I suppose, I will not be getting an iPhone any time soon. The day it runs GNU/Linux, I might.

  • tim

    Oh noes! If someone bad gets their hands on my phone they can actually read names and numbers from my contact list. Then they’d have to manually transcribe them. Not a good thing but hardly an earth shaking issue. Now if one were crazy enough to have a Windows PC then the contact list can very often be grabbed electronically and handed off to spammers without you even knowing. Which is likely to cause more actual problems?

    • Shift

      Plenty of people have confidential business / personal information stored on their phones.

    • Cowicide

      spin, baby, spin…

      Look, I use Macs and sometimes you just gotta admit.. Apple fucks up.

      • teapot

        Cowicide, I’m ashamed to be in the same comments section as someone who can so easily break the fan-boy’s code: Never admit fault!

        Hey, tim – we’re talking about phones here, bud. No need to grind that axe.

        • Cowicide

          I will turn in my badge asap.

  • Anonymous

    It actually doesn’t matter what digits you input before hitting the call-lock buttons.

  • HerkyDerky

    That’s so weird. That was my password to begin with.

  • murrayhenson

    You can also use this to view all the photos in an iPhone’s photo roll and edit contact information (adding or removing info).

    Personally, while it isn’t the end of the world for me, I would prefer that the lock feature do what it says on the tin.

  • Anonymous

    Ooh great. Also works on my iOS 4.1 3GS. Dag.

  • voracious32

    Just don’t hold it that way.

  • Anonymous

    @tim #9

    what are you more likely to leave in a cab? a laptop or an iPhone?

    and no one ever has private information in notes? or private numbers or email of the famous and powerful or confidential news sources in their contacts? or confidential documents in their email?

    your life may be boring and inconsequential but don’t put that on the rest of us.

    • Anonymous

      It needs to be noted that this exploit doesn’t allow access to the whole phone. Pretty much just address book, call history and calling features.

      No Mail, no internet, no SMS, no 3rd party apps, and as far as I’m aware no notes.

      Still an unusual f-up, but this isn’t a password workaround, it’s a basic-access thing.

      • Michael Smith

        Still an unusual f-up
        My bet is that it is connected to the requirement to always be able to make emergency calls, even on somebody else’s phone or if you have forgotten your PIN.

        • dragonfrog

          Yeah, that’s what it is – you go into the sequence to make an emergency call, then you don’t make the call, and the phone fails to lock you back out properly.

      • dragonfrog

        One commenter in this thread http://forums.macrumors.com/showthread.php?t=1035879 says

        “Actually just text someone and then you can get to the home screen”

        (To text someone, I think you have to choose to “share” a contact by SMS or MMS)

        Anyone with in iOS 4 iPhone able to check this?

  • Anonymous

    “It’s ok guys, we’ll change the code that law enforcement require us to have to they can break into your phones for no reason in november”

  • tim

    It’s a bug. Apple made a mistake somewhere. It’s not a big bug though; you have to get physical access, you get to read – not download – some contact data. Put it in some context and you realise it isn’t anywhere near a big enough problem to get scared about. How many people even know there is a passcode for the phone, let alone actually use it?

    As for losing a phone/laptop in a cab – well on the rare occasions I’m forced to go to a city I’d get picked up by a rather more secure vehicle, so no problem. And anyway my laptop would normally be carried by one of my assistants.