Apple Acknowledges iPhone Unlocking Flaw
By David Gilbert | February 15, 2013 10:59 PM EST
An exploit involving a fake emergency call allows you unlock an iPhone without the passcode has been acknowledged by Apple but it isn't rushing to fix the problem.
In a statement, Apple has said it is aware of the problem, and while it will eventually fix the problem, it's unlikely to happen any time soon.
"Apple takes user security very seriously. We are aware of this issue, and will deliver a fix in a future software update," a spokesperson told AllThingsD.
While saying very little in terms of specifics, this statement is more than Apple normally says when addressing security issues, with its official policy still stating: "Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available."
The reason Apple is not rushing to fix the problem is probably down to the fact the trick used to gain unauthorised access to a phone is rather involved and requires you to make a fake emergency phone call on the iPhone.
The security flaw works with iOS devices running the latest version of the mobile software (6.1) but because of the need to make an emergency call as part of the hack, it most likely won't work on an iPad or iPod touch.
As you can see in the video below, the exploit requires a number of rather complicated steps including almost shutting the phone down, making an emergency call and hanging up straight away and a level of physical dexterity which a lot of people will struggle with.
Even if you do manage to get the phone 'unlocked' you are only given access to a limited amount of the data. However you do get access to the phone's voicemail, contacts and photos which could reveal some very sensitive information.
Paul Ducklin, head of technology at security firm Sophos, says this exploit highlights the lengths 'hackers' will go to in order to gain access to your information:
"Let the arcane nature of this trick remind you that hackers, in both the good and bad sense of the word, aren't deterred by secrecy, obscurity or complexity. Indeed, this trick is surely making you wonder, 'How did they think of that?'"
He adds a warning to potential security experts: "Bear that in mind if you are ever called upon to design, implement or enforce security software, policies or procedures."
To report problems or to leave feedback about this article, e-mail:
To contact the editor, e-mail: