Folks at MacRumors Forums have found a major security flaw in iOS 4.1 which allows you to make phone calls even when phone is locked.
I think I just found a security flaw in ios 4.1.
When you iPhone is locked with a passcode tap Emergency Call, then enter a non-emergency number such as ###. Next tap the call button and immediately hit the lock button. It should open up the Phone app where you can see all your contacts, call any number, etc.
My iPhone is jailbroken so that could be causing it. Can anyone confirm that it works on non-jailbroken iPhones?
I have just tried it on both a jailbroken and a non-jailbroken iPhone and can confirm that both are effected by this bug on iOS 4.1. Steps to reproduce the bug on a password protected iPhone are as follows:
- Make sure your iPhone is protected by a passcode lock.
- Now from the lockscreen, tap on “Emergency Call” button and enter any number ###.
- Now tap the Call button and then immediately hit the lock (Power) button on top and you should now see all your contacts.
- Now simply select any number to make the phone call.
Apple has been reportedly notified about this issue. They are most likely going to patch it in the upcoming final release of iOS 4.2.
Here is a video of it in action:
You can follow us on Twitter or join our Facebook fanpage to keep yourself updated on all the latest from Microsoft, Google and Apple.
