Friday, 10 February 2012

iOS 5.0.1 Bug Allows Anyone To Access Contacts And Make Calls Even If Protected By A Passcode

Canadian tech blogger Ade Barkah has discovered a new security loophole in iOS 5.0.1 that make easy to anyone to make call out even with security enabled. The loophole has been confirmed to work on iPhone 4 & iPhone 4S. Barkah details the bugs on his official blog.

We’re able to trick Voice Control to enumerate through the private address book and make live FaceTime video calls on a locked iPhone 4, even with Voice Dial specifically disabled in the settings.
Barkah tested his iPhone he set to the highest security settings and with the passcode enabled and turned off the voice control. He could make a call from emergency page through sending the commands in the voice control without typing his password. Actual voice calls didn’t go through but he could make FaceTime call and look through all contacts and their pictures.
Now Voice Control leaks that I have two numbers for Lisa Klein: her “mobile” and another number at the “love shack“. Had this been my jealous girlfriend probing my locked phone, I would’ve been totally busted! Remember, we’re getting all this info from a locked phone with Voice Dial explicitly disabled. So far we’ve only enumerated through the Contacts. Can we actually complete a call from the locked phone? With FaceTime, the answer is yes! Again starting from the Emergency Call screen, this time I say, “FaceTime”.
For iPhone 4S users, this will work only if Siri is turned off, because that’s when the iPhone 4S will begin using voice control.

However, iPhone 3GS users are safe from this problem since older devices doesn’t have front camera for FaceTime calls. Someone could still sniff through your contacts, though.

This is a very big problem. Any one now can easily snoop through your contacts and call them. Hopefully, Apple will address this bug in iOS 5.0.1.

We do expect iOS 5.0.2 in few weeks or even days, who knows! iOS 5.1 is rumored to come out on March 9th. I personally don’t think that Apple would wait for that bug for a month!

No comments:

Post a Comment