A group of users on Apple news site MacRumors.com first pointed out the hole, which involves just a few taps on the touch screen.
The tactic was later tested and verified by Gizmodo, which posted a video of the process.
The issue occurs when the user hits the "emergency call button" on the iPhone's passcode entry screen. This then brings up a dial pad for placing a call in an emergency situation. Unfortunately, it also enables the use of the iPhone's "home" button as normal.
By default, the home button is set to bring up the user's "favorites" list. It also enables an unauthorized user to access a number of other features on the phone.
From within the favorites list, an unauthorized user could view the contact details of those within the iPhone owner's address book. Furthermore, the user could access the owner's voicemail from the list, and could click on a contact's email address to open up the mail application or Safari browser.
From within the Safari or Mail, the intruder would then have access to all of the user's email messages or stored bookmarks, raising obvious privacy and information disclosure concerns.
According to Gizmodo, a fix for the issue is in the works from Apple. Worried iPhone owners will not, however, need to wait that long to fix the hole.
The site notes that simply opening the iPhone's general settings fixes the problem. Users can simply the destination of the "home" button to either the actual Home screen, which requires the passcode to access, or the iPod function, which does not access the phone features.
Users can bypass iPhone security
By Shaun Nichols on Aug 28, 2008 4:01PM