iOS 5 Security Flaw Allows Access To Contacts List, Recent Calls & Text Messages Without Passcode


Passcode locks are no match for a piece of software called XRY.
Passcode locks are no match for a piece of software called XRY.

Apple’s iOS devices has suffered a number of passcode flaws in recent years, which have allowed anyone to circumvent their security and access features within the device. The company has always been fairly quick to address these issues, but they continue to crop up.

The latest allows anyone with knowledge of the exploit to access your contacts list, your recent calls, your voicemail, your text messages, and more.

All they need is a SIM eject tool and a little patience. As you can see in the video below from iPhoneIslam. It’s probably best you jump straight in at 2 minutes 40 seconds:


It’s not the easiest trick to perform, as you can see from the video, but it does work and it is a security threat that Apple needs to address.

Have you been able to replicate this flaw on your device?

[via Macgasm]

Deals of the Day

12 responses to “iOS 5 Security Flaw Allows Access To Contacts List, Recent Calls & Text Messages Without Passcode”

  1. ddevito says:

    iOS is so flawed in some ways it’s insane. I wonder how much longer the reality distortion field will last now with Mr Jobs not around

  2. ddevito says:

    funny how this article had no comments. 

  3. CharliK says:

    the fact that you have to know the number of the victim phone to call it makes this really not all that threatening of a hack. How often are folks going to be lucky enough to grab a phone that has a call missed message conveniently waiting for them to attempt this. 

    And how many people are really going to go at this for the dozen plus times this guy did to get it to work. Generally folks that snatch a phone want the phone not the info. So unless they managed to grab the phone of say one of the Twilight movie kids so they can sell the info for scads of cash or they are a dickhead spying on a girlfriend they aren’t going to mess with this kind of stuff

    Yeah it’s a potentially nasty fluke but one that Apple might already know about and is going to seal up with 5.1. And not likely the end of the world like the hackers etc want it to sound. In fact I wonder what the effect would be if someone had that auto erase data after 10 attempts turned on in their passcode settings. This little hack was in effect bypassing the lock with a bad code. if you tried it more than 10 times without success (as demonstrated in the video), would it trigger the erase, thus rendering the hack moot. It would be something to explore

  4. ZoltanTroll says:

    ^^^ agreed

  5. ddevito says:

    iOS security is an oxymoron 

  6. ddevito says:

    iOS security is an oxymoron

    (boy Mr. Bell sure does love me)

  7. artfulEric says:

    Since as far as I know, the “camera instead of pass code swipe” method still unlocks an iPhone instantly, I don’t see this as very important. I mean if you can open anyone’s iPhone just by takIng a picture, it is completely insecure, right?

  8. Aerobahn says:

    Nope, all it gives you access to is the Camera App. Once done taking pictures it returns you to the lock screen. Also you can’t access photo albums when using the lock screen camera function either.

  9. artfulEric says:

    I beg to differ. If I can go from Camera to the home screen, so can anyone else. All you have to do is NOT take a picture, but press the Home button instead. Whoops, security hole!

  10. waynerod says:

    As @Aerobahn:disqus said earlier, you only have access to the Camera. If you try and press the home button (at any time, even if you don’t take a picture), it asks you for a password again.

    I tested it even right now on my device and it is true. What OS version are u running?

  11. artfulEric says:

    Hm, finally, Apple must have fixed it. Well, you are right, all the better! This was still an existing issue in iOS 5.0.

  12. waynerod says:

    Oh yeah, I forgot. This was an issue in 5.0 and fixed in 5.0.1. Since 5.0.1 wasn’t a major update (apart from fixes) I almost forgot about it. 

Leave a Reply

Your email address will not be published. Required fields are marked *