iOS 4.1 Security Flaw Allows You to Bypass Lock Screen to Access Phone App

Start an “emergency call” to a bogus number like “###”, then quickly hit the lock button atop the iPhone — boom, you’ve got full access to the Phone app, including call history and voicemail.

Oddly, or at least coincidentally, it seems to be fixed in iOS 4.2 beta 3 — I can’t reproduce this on my iPhone with 4.2b3 installed, but can on another iPhone with 4.1. Also odd is how similar the exploit is to this one from two years ago — which was also discovered by a MacRumors forum poster. You’d think Apple would have given iOS’s emergency-call-while-locked code a more thorough audit — the thing only has two non-volume hardware buttons, and both of them have now been found to allow the lock screen to be bypassed.

Monday, 25 October 2010