Under the right — though easily arranged — circumstances, a simple paperclip could allow someone to circumvent your iPhone's passcode and access your voicemail, contacts, recent call list, and other data.
The security flaw which allows this undesired access was first discovered by members of the iPhoneIslam team, a group known for occasionally figuring out sneaky ways to circumvent Apple's security measures. The group posted a YouTube video to show how the flaw can be exploited and I have managed to easily duplicate the process on my own iPhone.
In order to take advantage of the security flaw, a sneaky individual would need to have a paper clip (or another tool which would allow him or her to open your iPhone's SIM tray) and physical access to your device — which would have to be running iOS 5. There would also have to be a missed call notification visible on your home screen (which the snoop could arrange if he or she knows your phone number, of course).
As long as all of those conditions are met, all someone needs to do is pop out your iPhone's SIM card, wait a few seconds, slip the SIM tray back in, and swipe his or her finger across the missed call just as the iPhone recognizes the SIM card again. (This may take a few attempts as the exploit fails if one swipes too soon or too late.)
Thanks to the way iOS 5 allows you to open apps directly from the home screen, swiping a finger across a missed call automatically dials that number even if the iPhone is locked. If you happen to try doing this just as a device is recognizing a SIM card and reconnecting to a cellular network, the call will fail — and the Phone app will be left open.
Suddenly there's access to the device's voicemail, contacts, recent call list, and the phone numbers marked "favorites." Contacts can be edited, outgoing calls can be made, emails and text messages can be sent (though only by using the "share contact" feature), and plenty of trouble can be caused.
The only thing you can do to protect yourself from this trick — other than keeping a closer eye on your iPhone, of course — involves turning off missed call notifications, which is inconvenient. You can do so by heading into the device's Settings menu, selecting Notifications, opening up the Phone notifications, and toggling off the "View in Lock Screen" option.
Other than that, this little security issue is similar to the iPad 2 security flaw which allowed someone to unlock the device with a simple fridge magnet — it's something which will have to be resolved on Apple's end, with an iOS update.
- Fridge magnet poses security threat to iPad 2
- Report: Hacked Syrian officials used '12345' as email password
- Report: Google bypassed Apple's privacy settings to track iPhones
Want more tech news, silly puns, or amusing links? You'll get plenty of all three if you keep up with Rosa Golijan, the writer of this post, by following her on Twitter, subscribing to her Facebook posts, or circling her on Google+.