THIS WEEK'S SPONSOR:

Concepts

Sketch, Note, Draw


iPhone Security Hole Lets You Make Calls When The Phone Is Locked

It seems like there’s a huge bug in iOS 4.1 for iPhone: with a combination of sleep / power button and a fake emergency call, it is possible to access the iPhone’s contact list and phone keypad even if the device is locked. I personally tested the method and, indeed, it works: I was able to bypass iOS’ passcode lock check and make a phone call to a friend of mine.

The bug first appeared on MacRumors forums and was detailed on video by MacMagazine (Brazilian website), and many MR forum members claim they’ve already reported the bug to Apple. It works both on non-jailbroken and jailbroken devices.

To reproduce the bug, make sure to have a passcode lock turned on and lock your device. In the lockscreen, tap on Emergency Call in the lower left corner. Now type a non-existent emergency number, I tried #946494. Start the call, and as soon as the red button appear hit the sleep button. You’ll be brought to the contact list.

I also noticed that while in this “forced Phone.app mode” you can’t go back to the homescreen but you can invoke the multitasking tray, even if tapping on apps won’t work. I was able to make SBSettings (jailbreak required) appear, but it didn’t work either. To return to the lockscreen from this forced mode, start a new call and end it. As @abrahamvegh also points out, trying to force quit the phone app will open Voice Control. It looks like you won’t be granted full access to the device through this flaw, but you’ll be able to make phone calls and access contacts nonetheless.

UPDATE: As Abraham reports, the Field Test application won’t start either in the “protected mode”, but you’ll be able to gain email access. Tap on a contact, then “share contact” and boom - you can send an email. As you can guess, email access exposes all your configured email address and contacts. MMS sharing works as well.

Check out the MacMagazine video below. If you’re able to reproduce the bug on your devices as well, let us know in the comments.

Unlock More with Club MacStories

Founded in 2015, Club MacStories has delivered exclusive content every week for over six years.

In that time, members have enjoyed nearly 400 weekly and monthly newsletters packed with more of your favorite MacStories writing as well as Club-only podcasts, eBooks, discounts on apps, icons, and services. Join today, and you’ll get everything new that we publish every week, plus access to our entire archive of back issues and downloadable perks.

The Club expanded in 2021 with Club MacStories+ and Club Premier. Club MacStories+ members enjoy even more exclusive stories, a vibrant Discord community, a rotating roster of app discounts, and more. And, with Club Premier, you get everything we offer at every Club level plus an extended, ad-free version of our podcast AppStories that is delivered early each week in high-bitrate audio.

Choose the Club plan that’s right for you:

  • Club MacStories: Weekly and monthly newsletters via email and the web that are brimming with app collections, tips, automation workflows, longform writing, a Club-only podcast, periodic giveaways, and more;
  • Club MacStories+: Everything that Club MacStories offers, plus exclusive content like Federico’s Automation Academy and John’s Macintosh Desktop Experience, a powerful web app for searching and exploring over 6 years of content and creating custom RSS feeds of Club content, an active Discord community, and a rotating collection of discounts, and more;
  • Club Premier: Everything in from our other plans and AppStories+, an extended version of our flagship podcast that’s delivered early, ad-free, and in high-bitrate audio.