Security hole opens up password protected iPhones

[InfoSec News <alerts () infosecnews org>]

http://news.cnet.com/8301-1009_3-10027479-83.html

By Elinor Mills
Security
CNET News
August 27, 2008

A serious security hole in the latest iPhone software exposes e-mail, 
text, and voice messages to whoever gets a hold of the device despite it 
being password-protected.

Basically, clicking emergency call and double-clicking the "home" button 
brings up the favorites on iPhone 2.0.2, which opens up the address 
book, the dial keypad and voice mail, according to a report on Engadget, 
which got the tip on the hole from the MacRumors Forum.

Then, clicking on the blue arrows next to the names gives access to 
private information in a favorite entry, clicking in a mail address 
opens up the mail application, clicking on a URL in the contact 
information opens up Safari, and clicking on "send a text message" in a 
contact gives full access to the text messages.

The report suggests using the "home" setting so that double-clicking on 
the home button will take whoever is holding the phone to the unlock 
screen page.

[...]


__________________________________________________      
Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
http://conference.hackinthebox.org/hitbsecconf2008kl/