Save up to $300/year on phone bills
Another iPhone bug?
Setting the iPhone to emergency call mode allows someone to see incoming text messages even if the passcode lock is turned on.
(Credit: Karl Kraft)A 12-year-old who uses his iPhone mostly for texting with his girlfriend has discovered what looks like a new vulnerability with the device.
The unnamed boy, son of blogger Karl Kraft, turns on the passcode lock and disables SMS Preview in order to prevent his parents from seeing any messages, Kraft wrote on his blog.
Those settings block the display of incoming text messages and show an alert saying "New Text Message" if an SMS comes through while the phone is locked. However, if the phone is set to emergency call mode the incoming text messages are previewed.
"Thus all I need to do to intercept the messages from his girlfriend is to place the phone in emergency mode and wait 30 seconds for the next sickly sweet message," Kraft writes.
Apple representatives did not return e-mails seeking comment.
A different security hole related to password-protected iPhones was discovered in August, and last month a researcher disclosed that the iPhone captures all the activities of a user in order to enable the cool fading applications effect.
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.
The whole point with a locked phone is that NO ONE CAN PICK IT UP AND PUT IT INTO EMERGENCY MODE AGAINST YOUR WILL. Geez.
And seriously, the best security fix to this is to keep your phone with you, and not give your parents the chance to even touch the phone.
On another note, the title of this article is entirely misleading. Looks like the parent found the security hole, not the 12 year old kid.
Secondly, I gave my children this much privacy.... and it wasn't a problem. The fact is that children DO DESERVE PRIVACY. If you don't give them that.... they are going to start hiding EVERYTHING from you, and you are going to have quite a few problems.
Way to go!
If ur srsly worried bout some1 c-ing ur im drivel...
...about all the inane things that happen in your life, than you probably really need a reality check, or you're the type that thinks it's okay to send credit card numbers via email, too.
Besides, how many total iPhone "security" issues (if you could actually call this one) have there been? Three?
Having a girlfriend is a very close second.
Daddy is having priority issues here.
You've seriously drinked the kool aid...
And before you say that an SMS is not confidential, think that it is about as confidential as email, and this is in a device that has explicitly been set up not to show SMSs without being logged in.
I think there have been more than three security issues with the iPhone 2.0 (a single update last month alone fixed about eight vulnerabilities), but even if there were three, three in less than two months for a phone is some sort of a record.
Once you realize that you have no privacy or security on the device, then it's fine. People should be careful of what they have on there in the first place and place less faith in the device to do the monitoring for them.
Good lord, is this really all CNET has?
You're like SNL picking on Palin week after week.
I think you meant "Seriously get something better to write about."
When one can't even use the correct words to convey thought I'll dismiss that thought.
And yes, when a very widely adopted device says it is secure, but can easily be fooled, then that is a security problem.
All that means is that many people use things for purposes for which they were not intended. Which is true. Phones had locks on them before they ever had any significant amount of "personal" information on them, and in many cases, even then the information was actually stored on the SIM card, and not in the phone's memory. SIM cards usually have their own, separate locks-- but with this, as in all cases, physical access eventually trumps nearly every reasonable security precaution you can put in place.
Phones have locks to prevent unauthorized persons from making calls and thus costing you money. This so-called flaw does not allow that.
This may be a behavior that people don't expect. It may be something Apple should patch. But to call this "insecure" is a real stretch. You shouldn't be sending information that needs to be "secure" in an SMS.
This is a non-issue and a non-story.
Seriously, I do agree with you insome ways - with physical access and a complete dedicated to break any security most any device is insecure. However, passcodes aren't about providing the highest level of security but discouraging the most frequent and most likely security issues. Its not about turning your iPhone into Fort Knox, its about locking the door and closing the windows when you park your car. If *any* company failed to provide this very basic level of functionality they should be taken to task for it.
Could you imagine the humiliation a CIO who has deployed iPhones is going through right now? Better to leave that tidbit off the resume.
@Vegaman_Dan: Applications do not run as root. There are two users on the iPhone. mobile and root. mobile is what they run as.
@dmjossel: It's an issue because Apple has a switch that allows the user to enable or disable the preview when the screen lock is in use. This is regardless of the passcode. If the screen lock is active the sms messages should not be visable at all (i.e. no preview). Emergency mode still has the screen lock enabled so it should not be showing sms previews.
-
by moshelinho
October 8, 2008 10:06 AM PDT
- how is that a bug? its a feature, isnt it?
-
Reply to this comment
-
See all 49 Comments >>