iOS 5 Security Flaw Allows Access To Contacts List, Recent Calls & Text Messages Without Passcode

iOS 5 Security Flaw Allows Access To Contacts List, Recent Calls & Text Messages Without Passcode

Apple’s iOS devices has suffered a number of passcode flaws in recent years, which have allowed anyone to circumvent their security and access features within the device. The company has always been fairly quick to address these issues, but they continue to crop up.

The latest allows anyone with knowledge of the exploit to access your contacts list, your recent calls, your voicemail, your text messages, and more.

All they need is a SIM eject tool and a little patience. As you can see in the video below from iPhoneIslam. It’s probably best you jump straight in at 2 minutes 40 seconds:

It’s not the easiest trick to perform, as you can see from the video, but it does work and it is a security threat that Apple needs to address.

Have you been able to replicate this flaw on your device?

Related
  • ddevito

    iOS is so flawed in some ways it’s insane. I wonder how much longer the reality distortion field will last now with Mr Jobs not around

  • ddevito

    funny how this article had no comments. 

  • CharliK

    the fact that you have to know the number of the victim phone to call it makes this really not all that threatening of a hack. How often are folks going to be lucky enough to grab a phone that has a call missed message conveniently waiting for them to attempt this. 

    And how many people are really going to go at this for the dozen plus times this guy did to get it to work. Generally folks that snatch a phone want the phone not the info. So unless they managed to grab the phone of say one of the Twilight movie kids so they can sell the info for scads of cash or they are a dickhead spying on a girlfriend they aren’t going to mess with this kind of stuff

    Yeah it’s a potentially nasty fluke but one that Apple might already know about and is going to seal up with 5.1. And not likely the end of the world like the hackers etc want it to sound. In fact I wonder what the effect would be if someone had that auto erase data after 10 attempts turned on in their passcode settings. This little hack was in effect bypassing the lock with a bad code. if you tried it more than 10 times without success (as demonstrated in the video), would it trigger the erase, thus rendering the hack moot. It would be something to explore

  • ZoltanTroll

    ^^^ agreed

  • ddevito

    iOS security is an oxymoron 

  • ddevito

    iOS security is an oxymoron

    (boy Mr. Bell sure does love me)

  • artfulEric

    Since as far as I know, the “camera instead of pass code swipe” method still unlocks an iPhone instantly, I don’t see this as very important. I mean if you can open anyone’s iPhone just by takIng a picture, it is completely insecure, right?

  • Aerobahn

    Nope, all it gives you access to is the Camera App. Once done taking pictures it returns you to the lock screen. Also you can’t access photo albums when using the lock screen camera function either.

  • artfulEric

    I beg to differ. If I can go from Camera to the home screen, so can anyone else. All you have to do is NOT take a picture, but press the Home button instead. Whoops, security hole!

  • waynerod

    As @Aerobahn:disqus said earlier, you only have access to the Camera. If you try and press the home button (at any time, even if you don’t take a picture), it asks you for a password again.

    I tested it even right now on my device and it is true. What OS version are u running?

  • artfulEric

    Hm, finally, Apple must have fixed it. Well, you are right, all the better! This was still an existing issue in iOS 5.0.

  • waynerod

    Oh yeah, I forgot. This was an issue in 5.0 and fixed in 5.0.1. Since 5.0.1 wasn’t a major update (apart from fixes) I almost forgot about it. 

About the author

Killian BellKillian Bell is a freelance writer based in the UK. He has an interest in all things tech, but most enjoys covering Apple, anything mobile, and gaming. You can follow him on Twitter via @killianbell, or through his website.

(sorry, you need Javascript to see this e-mail address)| Read more posts by .

Posted in News | Tagged: , , , , , , |