August 27, 2008

Another Security Flaw on the iPhone

A lot of attention has gone to a security flaw discovered on the iPhone that allows someone to bypass the set password by using the emergency call mode.

On 8/5/08, I reported another security issue directly to Apple. I was assigned a Follow-up number of 52982558.

The issue I found was that the iPhone does not invoke passcode protection over the passcode-lock setting, which determines when the phone will get locked after inactivity. Here's how the flaw is exposed: let's say the owner of the iPhone sets the device to passcode-lock after 1 hour of inactivity and, 30 minutes after last usage, a thief steals the phone. The thief can now change the iPhone passcode-lock to lock after the maximum setting of 4 hours and keep doing this until he takes everything he needs off the device.

This error combined with the flaw reported today leaves a huge security hole.

There is no way, with these and probably other yet-to-be-discovered security flaws, that the iPhone can be considered an enterprise-ready device.
