Folks at MacRumors Forums have found a major security flaw in iOS 4.1 which allows you to make phone calls even when phone is locked.
I think I just found a security flaw in ios 4.1.
When you iPhone is locked with a passcode tap Emergency Call, then enter a non-emergency number such as ###. Next tap the call button and immediately hit the lock button. It should open up the Phone app where you can see all your contacts, call any number, etc.
My iPhone is jailbroken so that could be causing it. Can anyone confirm that it works on non-jailbroken iPhones?
I have just tried it on both a jailbroken and a non-jailbroken iPhone and can confirm that both are effected by this bug on iOS 4.1. Steps to reproduce the bug on a password protected iPhone are as follows:
- Make sure your iPhone is protected by a passcode lock.
- Now from the lockscreen, tap on “Emergency Call” button and enter any number ###.
- Now tap the Call button and then immediately hit the lock (Power) button on top and you should now see all your contacts.
- Now simply select any number to make the phone call.
Here is a video of it in action: