A newly discovered bug in iOS 5.0.1 allows an unauthorized user to access contacts, view call history, make phone calls and use FaceTime on a password-protected iPhone, reports iMore. However, the circumstances and effort involved in triggering the bug mean it might not be exploited very often, at least before a fix is made.
The bug was discovered by iPhone Islam (Arabic language website) and requires the unauthorized user to have access to the phone, and to also know the phone number of the victimized phone to attempt entry at will. The method is as follows: After the phone receives a missed phone call (which is why knowing the phone number comes in handy for the exploiter), the exploiter then "confuses" the iPhone by actively inserting and ejecting the SIM card while trying to unlock the phone.
When the bug is triggered properly, the Phone app is opened, giving the exploiter access to the iPhone's contact list, favorite contacts and call history. The iPhone can then be used to make phone calls to any phone number or saved contact. Once the iPhone is locked, the exploit must be performed again. According to the video, this exploit works on the iPhone 3GS, iPhone 4, and iPhone 4S.
This bug sounds quite serious, but after seeing the example video recorded by iPhone Islam, the method to trigger it seems incredibly unreliable. It takes more than a couple minutes and numerous attempts before the demonstrator can even pull the exploit off. Regardless, here's hoping it gets patched in a timely fashion.
27 Comments - Add comment