E-mail updates
Follow on Twitter
Subscribe to RSS
Rosa Golijan/msnbc.com
Under the right — though easily arranged — circumstances, a simple paperclip could allow someone to circumvent your iPhone's passcode and access your voicemail, contacts, recent call list, and other data.
The security flaw which allows this undesired access was first discovered by members of the iPhoneIslam team, a group known for occasionally figuring out sneaky ways to circumvent Apple's security measures. The group posted a YouTube video to show how the flaw can be exploited and I have managed to easily duplicate the process on my own iPhone.
In order to take advantage of the security flaw, a sneaky individual would need to have a paper clip (or another tool which would allow him or her to open your iPhone's SIM tray) and physical access to your device — which would have to be running iOS 5. There would also have to be a missed call notification visible on your home screen (which the snoop could arrange if he or she knows your phone number, of course).
As long as all of those conditions are met, all someone needs to do is pop out your iPhone's SIM card, wait a few seconds, slip the SIM tray back in, and swipe his or her finger across the missed call just as the iPhone recognizes the SIM card again. (This may take a few attempts as the exploit fails if one swipes too soon or too late.)
Thanks to the way iOS 5 allows you to open apps directly from the home screen, swiping a finger across a missed call automatically dials that number even if the iPhone is locked. If you happen to try doing this just as a device is recognizing a SIM card and reconnecting to a cellular network, the call will fail — and the Phone app will be left open.
Suddenly there's access to the device's voicemail, contacts, recent call list, and the phone numbers marked "favorites." Contacts can be edited, outgoing calls can be made, emails and text messages can be sent (though only by using the "share contact" feature), and plenty of trouble can be caused.
Apple
The only thing you can do to protect yourself from this trick — other than keeping a closer eye on your iPhone, of course — involves turning off missed call notifications, which is inconvenient. You can do so by heading into the device's Settings menu, selecting Notifications, opening up the Phone notifications, and toggling off the "View in Lock Screen" option.
Other than that, this little security issue is similar to the iPad 2 security flaw which allowed someone to unlock the device with a simple fridge magnet — it's something which will have to be resolved on Apple's end, with an iOS update.
Related stories:
- Fridge magnet poses security threat to iPad 2
- Report: Hacked Syrian officials used '12345' as email password
- Report: Google bypassed Apple's privacy settings to track iPhones
Want more tech news, silly puns, or amusing links? You'll get plenty of all three if you keep up with Rosa Golijan, the writer of this post, by following her on Twitter, subscribing to her Facebook posts, or circling her on Google+.
Leave a Comment:
Android and iPhone are not secure platforms. When I read about government people migrating to these platforms en masse it makes me extremely nervous!
So what platform do you suggest they use? Windows? Even Blackberry is not any more secure than Iphone or Android.
Windows Phone 7 is the most user-friendly, though security's not been tested so extensively by outside sources. Nobody's tried to hack it the same way they hack iPhones, for example.
Is there anything a paperclip can't do?
I can clip papers together with a paperclip!
I can clip a bag closed with a paperclip!
I can convert my AK-clone to fully automatic with a paperclip! (True!)
Nothing, and that means NOTHING, is absolutely secure or private. As soon as we start understanding and respecting that, we will be a lot better off.
Apple is only human and can make mistakes. Corporations are people, my friends!
This is why MacGuyver always carries a bunch of paperclips around... never know when you'll have to diffuse an atom bomb or build a teleporter with some tinfoil a stick of chewing gum and a paperclip.
Remember the chocolate bar to stop the radiation leak? Classic! (in fact it might have been the pilot episode?)
Just to be nitpicky, it wasn't radiation. It was acid.
acid today....tomorrow radiation.....who cares?
dammit...David1 was right. It was acid and not radiated water like I had thought. Mea Culpa, Dave!
Poor Apple - Let me cry you a river, all you little fan boys. Wait till you see what you can do with some yarn and a rubberband!
You do that. In the meantime I will keep my iPhone in my pocket when its not in use. You can keep your paperclip, rubber band and yarn.
Yarn and a rubberband. Yea, what about some knitted underwear for yourself!
Actually, those are instructions on how to turn your iPhone into a bomb!
I wouldn't normally consider this that big of a deal, but Apple always tries to hang its hat on security. Something this simple is a rather egregious error on their end. As nice as their products are (and they are nice), they are still a whole lot of smoke & mirrors with a massive marketing campaign.
Antenna-gate, paperclip-gate, what's next?
staple gate!
Don't pick on the paperclips, it's not their fault. People are the ones that are a security risk to iPhone. Why would you leave your phone where someone would have access to it without your knowledge.
yesterday guns....today paperclips......
Paper clips don't crack iphones, people with paper clips crack iPhones.
Plastic-coated paperclips like those in the picture would not pose a threat - the end would not fit into the pinhole
Paperclips dont hack iPhones. People hack iPhones.
I just posted the same before I read yours.
LOL! You can hack one of the most expensive phones with a paper clip. Too Funny!
You can hack the even-more-expensive Samsung Galaxy Note by simply stealing the user's SD card. Now you've probably got a whole lot more than just their contact book. In fact, it's even easier than the iPhone hack because until the user goes to use something from the card, they won't even notice it's gone. At least when an iPhone goes missing there's a chance they'll get onto iCloud.com and erase the phone by remote.
Hey, here's a thought. Don't leave your phone sitting around! Best security of all. You can pay me $5 a month for that if you want to. I'll even send you an email once a month to remind you not to be a idiot.