iPhone SMS Privacy Flaw Discovered

Posted 8 October 2008 @ 5am in Uncategorized

Setting the iPhone to emergency call mode allows someone to see incoming text messages even if the passcode lock is turned on. A 12-year-old who uses his iPhone mostly for texting with his girlfriend has discovered what looks like a new vulnerability with the device.

The unnamed boy, son of blogger Karl Kraft, turns on the passcode lock and disables SMS Preview in order to prevent his parents from seeing any messages, Kraft wrote on his blog.

Those settings block the display of incoming text messages and show an alert saying “New Text Message” if an SMS comes through while the phone is locked. However, if the phone is set to emergency call mode, the incoming text messages are previewed.

“Thus all I need to do to intercept the messages from his girlfriend is to place the phone in emergency mode and wait 30 seconds for the next sickly sweet message,” Kraft writes.

Apple representatives did not return e-mails seeking comment. A different security hole related to password-protected iPhones was discovered in August, and last month a researcher disclosed that the iPhone captures all the activities of a user in order to enable the cool fading applications effect.

[Originally posted by Elinor Mills to our sister site, News.com]

3 Comments

Posted by flo_schi
8 October 2008 @ 7am

I just tried it and can tell you that this bug is already fixed in iPhone OS 2.2 Beta 1.

Posted by jzdziarski
9 October 2008 @ 6am

Given that you can crack the passcode in about 60 seconds (see: iPhone Forensics, ISBN 978-0596153588), I fail to see why this is a big deal.

Posted by vaughnsc
14 October 2008 @ 8am

@Jon: the nerve! (see ISBN 978-0071462020 LOL ) ;-)

@Article:

“iPhone captures ALL the activities of a user in order to enable the cool fading applications effect” (emphasis mine)

Let’s not blow THAT out of proportion: the phone doesn’t record EVERYTHING: upon returning to the Springboard, the OS just takes a screenshot of the application’s ‘last known state’ to produce the zoom-in when it is relaunched.

If you’re really that ‘security-conscious,’ just leave the screen in some innocuous state before closing it.
