Passcode Vulnerability Returns in iPhone Updates

August 29th, 2008

Apple’s publicity nightmare keeps growing worse. The latest twist is more serious than dropped calls or lost e-mail — it’s a security flaw in the iPhone that could dial up trouble for users.The flaw isn’t a new issue. Apple first addressed what is known as the passcode flaw last January. The fix prevented unauthorized users from circumventing the password-protected locking feature in an early version of the software. But the problem has reemerged in new versions of the iPhone software.

The flaw apparently allows attackers to bypass the passcode locking feature by touching “Emergency Call” on the password-entry screen and then double-tapping the Home button. An attacker would then have access to the iPhone users’ frequently called contacts list, which includes both addresses and phone numbers.

An attacker could also use the breach to access the iPhone’s e-mail application and gain access to e-mail addresses or Web sites, as well as the user’s Safari browser. The flaw is reportedly present in iPhone software versions 2.0 and 2.0.2. The issue also affects the iPod touch.

Click here to read the rest of this story.

Entry Filed under: Hot off the Press