Host 'subweb.ibtimes.com' is not allowed to connect to this MySQL serverSELECT tid,hits,start_time FROM biztimes_stats.stats_articles_au WHERE tid='435680' Host 'subweb.ibtimes.com' is not allowed to connect to this MySQL serverSELECT cmt_count FROM ib_articles_counts WHERE id='435680' Host 'subweb.ibtimes.com' is not allowed to connect to this MySQL serverSELECT * FROM ib_sources WHERE id='1001' Host 'subweb.ibtimes.com' is not allowed to connect to this MySQL serverSELECT * FROM ib_articles_options WHERE article_id='435680' Host 'subweb.ibtimes.com' is not allowed to connect to this MySQL serverSELECT article_id FROM ib_topics_index WHERE tid='401' ORDER BY id DESC LIMIT 10Host 'subweb.ibtimes.com' is not allowed to connect to this MySQL serverSELECT article_id FROM ib_topics_index WHERE tid='238' ORDER BY id DESC LIMIT 10Host 'subweb.ibtimes.com' is not allowed to connect to this MySQL serverSELECT * FROM ib_rates WHERE article_id='435680' LIMIT 1 Apple Acknowledges iPhone Unlocking Flaw - International Business Times

Apple Acknowledges iPhone Unlocking Flaw

  • Rate this Story
  • 0
  • 0

By David Gilbert | February 15, 2013 10:59 PM EST

An exploit involving a fake emergency call allows you unlock an iPhone without the passcode has been acknowledged by Apple but it isn't rushing to fix the problem.

In a statement, Apple has said it is aware of the problem, and while it will eventually fix the problem, it's unlikely to happen any time soon.

"Apple takes user security very seriously. We are aware of this issue, and will deliver a fix in a future software update," a spokesperson told AllThingsD.

While saying very little in terms of specifics, this statement is more than Apple normally says when addressing security issues, with its official policy still stating: "Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available."

The reason Apple is not rushing to fix the problem is probably down to the fact the trick used to gain unauthorised access to a phone is rather involved and requires you to make a fake emergency phone call on the iPhone.

Flaw

The security flaw works with iOS devices running the latest version of the mobile software (6.1) but because of the need to make an emergency call as part of the hack, it most likely won't work on an iPad or iPod touch.

As you can see in the video below, the exploit requires a number of rather complicated steps including almost shutting the phone down, making an emergency call and hanging up straight away and a level of physical dexterity which a lot of people will struggle with.

Even if you do manage to get the phone 'unlocked' you are only given access to a limited amount of the data. However you do get access to the phone's voicemail, contacts and photos which could reveal some very sensitive information.

Paul Ducklin, head of technology at security firm Sophos, says this exploit highlights the lengths 'hackers' will go to in order to gain access to your information:

"Let the arcane nature of this trick remind you that hackers, in both the good and bad sense of the word, aren't deterred by secrecy, obscurity or complexity. Indeed, this trick is surely making you wonder, 'How did they think of that?'"

He adds a warning to potential security experts: "Bear that in mind if you are ever called upon to design, implement or enforce security software, policies or procedures."

To report problems or to leave feedback about this article, e-mail:

To contact the editor, e-mail:

Host 'subweb.ibtimes.com' is not allowed to connect to this MySQL serverSELECT id FROM ib_slideshows WHERE timestamp>1413942599 AND hits>0 AND outkey='Y' ORDER BY hits DESC LIMIT 10Host 'subweb.ibtimes.com' is not allowed to connect to this MySQL serverSELECT id FROM ib_slideshows WHERE timestamp<1413942599 AND timestamp>1413683399 AND hits>0 AND outkey='Y' ORDER BY hits DESC LIMIT 10
  • Rate this Story
  • 0
  • 0

Join the Conversation

IBTimes TV
E-Newsletters

We value your privacy. Your email address will not be shared.