It seems like there’s a huge bug in iOS 4.1 for iPhone: with a combination of sleep / power button and a fake emergency call, it is possible to access the iPhone’s contact list and phone keypad even if the device is locked. I personally tested the method and, indeed, it works: I was able to bypass iOS’ passcode lock check and make a phone call to a friend of mine.
The bug first appeared on MacRumors forums and was detailed on video by MacMagazine (Brazilian website), and many MR forum members claim they’ve already reported the bug to Apple. It works both on non-jailbroken and jailbroken devices.
To reproduce the bug, make sure to have a passcode lock turned on and lock your device. In the lockscreen, tap on Emergency Call in the lower left corner. Now type a non-existent emergency number, I tried #946494. Start the call, and as soon as the red button appear hit the sleep button. You’ll be brought to the contact list.
I also noticed that while in this “forced Phone.app mode” you can’t go back to the homescreen but you can invoke the multitasking tray, even if tapping on apps won’t work. I was able to make SBSettings (jailbreak required) appear, but it didn’t work either. To return to the lockscreen from this forced mode, start a new call and end it. As @abrahamvegh also points out, trying to force quit the phone app will open Voice Control. It looks like you won’t be granted full access to the device through this flaw, but you’ll be able to make phone calls and access contacts nonetheless.
UPDATE: As Abraham reports, the Field Test application won’t start either in the “protected mode”, but you’ll be able to gain email access. Tap on a contact, then “share contact” and boom - you can send an email. As you can guess, email access exposes all your configured email address and contacts. MMS sharing works as well.
Check out the MacMagazine video below. If you’re able to reproduce the bug on your devices as well, let us know in the comments.