Security flaw opens locked iPhone
For the last few weeks there have been several videos showing up on YouTube demonstrating how one can access the phone functions of a supposedly locked iPhone. The first video apparently was posted on Jan. 31, with screens and voices in Spanish, though many others have since followed suit in a variety of other languages.
For agencies that have been adding iPhones to their enterprises, the good news is that the hack apparently doesn't give access to a phone's features other than voice calls and contact list, so files and applications should be safe. Nevertheless, contact lists could be exploited for a variety of purposes.
We won't go into the details of the hack here and certainly wouldn't post a direct link to such a video. However, it involves using the emergency call feature and a well-timed press of the power button to gain access to phone functions, including the victim's contact list. Some videos show a second phone that is used to take the control over the victim phone, but others only show the victim's phone, so the second phone doesn't appear to be necessary. The flaw affects the latest version on iOS, 6.1, as well as some earlier versions.
The original poster writes in the video description that you should use this "For prank your friends..." or "for a magic show..." The poster goes on to practically beg the viewer to "please... do not use this trick to do evil !!!" Unfortunately, some of the more than 350,000 people who have watched the video may do just that. But, as reckless as showing the exact method of performing this hack is, at least the video makers are doing the service of pointing out the problem.
Apple said it was working on the problem and would issue a fix in a future software update, CNN reported. Meanwhile, agency employees with iPhone would be wise to keep them close at hand.
Posted by Greg Crowe on Feb 15, 2013 at 12:48 PM