[ISN] Security hole opens up password protected iPhones

From: InfoSec News <alerts_at_private>
Date: Thu, 28 Aug 2008 00:34:06 -0500 (CDT)
http://news.cnet.com/8301-1009_3-10027479-83.html

By Elinor Mills
Security
CNET News
August 27, 2008

A serious security hole in the latest iPhone software exposes e-mail, 
text, and voice messages to whoever gets a hold of the device despite it 
being password-protected.

Basically, clicking emergency call and double-clicking the "home" button 
brings up the favorites on iPhone 2.0.2, which opens up the address 
book, the dial keypad and voice mail, according to a report on Engadget, 
which got the tip on the hole from the MacRumors Forum.

Then, clicking on the blue arrows next to the names gives access to 
private information in a favorite entry, clicking in a mail address 
opens up the mail application, clicking on a URL in the contact 
information opens up Safari, and clicking on "send a text message" in a 
contact gives full access to the text messages.

The report suggests using the "home" setting so that double-clicking on 
the home button will take whoever is holding the phone to the unlock 
screen page.

[...]


__________________________________________________      
Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
http://conference.hackinthebox.org/hitbsecconf2008kl/
Received on Wed Aug 27 2008 - 22:34:06 PDT

This archive was generated by hypermail 2.2.0 : Wed Aug 27 2008 - 22:40:28 PDT