Nav Ad Widget - Mobile

Collapse

Nav Ad Widget - Desktop

Collapse

Announcement

Collapse
No announcement yet.

Security firm discovers way to bypass iPhone lock

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Security firm discovers way to bypass iPhone lock

    This article was lifted from the Straits Times, dated Saturday 26th June, 2010. Some may have read it but for the benefit of those who haven't, here goes.

    Apple is aware of the situation and is looking to plug the loophole
    (Home, pg B2)

    LOCK up your iPhones.

    A Singapore security firm has discovered a way to bypass the popular phone's four-digit lock - by accident.

    The breach, found by security training and forensics firm ThinkSecure, allows someone with the right software to access the data on lost or stolen iPhone handsets not updated with the latest version of operating software, which was released earlier this week.

    The handset could even be installed with software to, say turn it into a remote bugging device without the owner's knowledge. The firm came across the loophole while trying to find a way to retrieve some data from an office iPhone, said ThinkSecure founder Julian Ho.

    An employee had set a passcode to prevent unauthorised use - then promptly forgot what it was. While the handset could be reset to remove the passcode, doing this would also wipe out the data on the phone, which the firm needed.

    When tinkering with the iPhone 3GS, the firm found a way to shift the encrypted passcode file to a different location on the phone, said Mr Ho.

    It did this by making a modification to Spirit, a popular program used to "jail-break" iPhones. Jailbreaking allows iPhone users to install software not available at Apple's official online store.

    When the iPhone is turned on, it attempts to find the passcode file. Since the file is no longer where it is supposed to be, the iPhone creates a new, blank passcode file. But because the new file is blank, the phone allows the user to access it without entering a passcode.

    ThinkSecure subsequently discovered that it could also return the passcode file to its original location. When this is done, the phone gets its original passcode back - as if it had never been tampered with.

    In a demonstration, Mr Ho was able to bypass a four-digit lock set by The Straits Times, take a quick peek at the handset's contents, and then reset it to its original passcode, in 13 minutes.

    In a statement, Apple said that it was aware of this issue and was looking to plug the loophole. While the new version of iPhone software prevents the bypass, which rides on the Spirit program, from working, Mr Ho believes it is a matter of time before a new loophole is found.

    In fact, "if we can do it, someone else can, and might have done so, too," he said.

    News of the loophole has rattled some iPhone users here.

    "If Apple cannot even ensure the security of such a basic feature, then of course I'm worried," said Apple fan Brian Chen, who has an iPhone 3GS and an Apple notebook.

    The 30-year-old engineer had not got round to updating his phone to the new operating software, but said he would do it "when you (this reporter) stop talking to me".

    The Crown Of Achievement

  • #2
    not very clear.

    so am i to say that it will only work with jailbreaked phone only?
    if you have issues with your account, click here for self help and read forum rules here. 90% of your answers can be found in Forum FAQ

    i DO NOT respond to any pm regarding account issues

    kindly email with
    1. subject heading indicating your issue
    2. your nick
    3. your corresponding email address
    4. state what you were trying to do and what the system prevented you to do


    if you receive no response in pm or email, it means your answers can be found in the Forum FAQ here

    your kind understanding is very much appreciated.

    disclaimer : all opinions expressed are personal

    Comment


    • #3
      check this article

      it does set me think about internet banking on an iphone.
      if you have issues with your account, click here for self help and read forum rules here. 90% of your answers can be found in Forum FAQ

      i DO NOT respond to any pm regarding account issues

      kindly email with
      1. subject heading indicating your issue
      2. your nick
      3. your corresponding email address
      4. state what you were trying to do and what the system prevented you to do


      if you receive no response in pm or email, it means your answers can be found in the Forum FAQ here

      your kind understanding is very much appreciated.

      disclaimer : all opinions expressed are personal

      Comment


      • #4
        Originally posted by triton View Post
        check this article

        it does set me think about internet banking on an iphone.
        all the while i nv trust internet banking.I prefer to go down personally,wasting some time but much safer.u dunno what u're exposed to when u're online.the best method is still keep ur $$ in the cracker tin under the bed.
        累了才放慢脚步; 错了才想到后悔;苦了才懂得满足;伤了 才明白坚强; 醉了才知道难忘 ; 笑了才体会美丽!

        是否我沉默了,你才能听到我的心声?是否我停止了,你才能看到我的眼泪?是否我心碎了,你才会摸到我的心痛?是否我消失了,你才会知道我的存在?

        Comment


        • #5
          You're right thn termite ll take k u $$
          Current - Seiko,Rolex,Sinn,AP & RM
          Future - Geneva hallmark
          Past - TH Carrera CV2010, Pam 111, 16610, Pam 233, 116610LV

          Comment


          • #6
            Originally posted by dennistwc View Post
            You're right thn termite ll take k u $$
            termite dun eat metal,eat wood only.my cracker tin metal wan so no worries.
            累了才放慢脚步; 错了才想到后悔;苦了才懂得满足;伤了 才明白坚强; 醉了才知道难忘 ; 笑了才体会美丽!

            是否我沉默了,你才能听到我的心声?是否我停止了,你才能看到我的眼泪?是否我心碎了,你才会摸到我的心痛?是否我消失了,你才会知道我的存在?

            Comment

            Footer Ad Widget - Desktop

            Collapse

            Footer Ad Widget - Mobile

            Collapse
            Working...
            X