Security hole opens up password-protected iPhones
A serious security hole in the latest iPhone software exposes e-mail, text, and voice messages to whoever gets a hold of the device despite it being password-protected.
Basically, clicking emergency call and double-clicking the "home" button brings up the favorites on iPhone 2.0.2, which opens up the address book, the dial keypad and voice mail, according to a report on Engadget, which got the tip on the hole from the MacRumors Forum.
Then, clicking on the blue arrows next to the names gives access to private information in a favorite entry, clicking in a mail address opens up the mail application, clicking on a URL in the contact information opens up Safari, and clicking on "send a text message" in a contact gives full access to the text messages.
The report suggests using the "home" setting so that double-clicking on the home button will take whoever is holding the phone to the unlock screen page.
Engadget reports that a fix for the hole will be included in the next firmware update, but it's not known when that update will come.
Representatives from Apple did not respond to e-mails seeking comment.
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
Honestly, it does not matter what phone or PDA you use, don't put anything on it that you don't want others to find out. Short of hard encryption, nothing will protect you from a Dremel and a flash reader.
My iPhone is set to launch iPod player when double click is pressed. If I loose my phone the worst someone can do is listen to my poor taste in music.
Shame on you Apple!
As 'intuitive' as the interface is, a button push, a slide gesture, enter a pin code, click contacts, wait for contact list to appear (software bug still not fixed), scroll through list to locate contact, select contact, select phone number to dial.... seems a long process to make a phone call. The main purpose of a "phone".
I actually did lose my iPhone once; my email was the least of my concerns upon realization. In fact I'm glad that I wasn't using the key lock, some kind soul picked it up and dialed one of my favorites (one which I'd entered as a relationship with just this case in mind) and it was then returned to me.
Good idea! Dump the junk devices on the yacktards so you can give the iPhones to the real workers.
http://kreuzer33.wordpress.com/2008/08/28/iphone-security-issue-exposes-consumer-data/
How quickly this is addressed will be the next question.
This is a serious security issue for any corporate email use, which already has issues with the unit in general, so this may cause more problems for it to be adopted seriously as a business class device.
Give it time. It's still in the testing phase at this point. It will only get better over the years.