A forum member over at MacRumors recently discovered a security flaw in iOS 4.1: one can still make phone calls even when an iPhone has been secured with a passcode. Basically the whole dialer becomes exposed, giving access to things like the contact list and more…

Update: Apple has responded that it will fix this security flaw as part of the iOS 4.2 software update in November.

A forum member over at MacRumors recently discovered a security flaw in iOS 4.1: one can still make phone calls even when an iPhone has been secured with a passcode.

All you have to do is to randomly input something, like ###, make the call and then immediately press the Lock button. What happens next is the Phone app will magically appear, granting access to the dialer and that particular iPhone’s contact list, call history, and voicemail.

You can get full access to the iPhone’s photo albums by sharing a contact and then hitting on the camera icon. Voice Control is also accessible and you can call up songs that are stored in the phone too.

This flaw affects both non-jailbroken and jailbroken iPhones.

The discovery of this flaw means there is no way to prevent unauthorized people from using the iPhone if it has been misplaced or stolen. No official word from Apple yet, and we are getting conflicting responses whether this issue was already known and whether it has been fixed in iOS 4.2 from various sources.

Update: An Apple spokeswoman has emailed in response to CNET, that the security flaw will be fixed as part of the iOS 4.2 software update. iOS 4.2 is due in November.

 

References: MacRumors, Engadget