iPhone’s security flaw PIN (Personal Identification Number) code bypass

November 9th 2010


SYDNEY (SMH) – A security flaw has been detected in the popular Apple iPhone that allows anyone to gain access to its phone function without the need to enter a passcode as reported by Ben Grubb and The Sydney Morning Herald (SMH) testing team.

The flaw, which SMH was able to exploit successfully involves a user pressing a couple of on-screen buttons and then a physical button, allowing them to bypass the passcode required to gain access to the iPhone 4.

Using the method, SMH team was able to make phone calls on a passcode-protected iPhone 4 with the latest software updates (prior to iOS 4.2) and also send emails of contact cards – all without entering the PIN. Photos gallery can also be seen.

On an Apple iPhone 3GS, an earlier iPhone model, which doesn’t appear to have the flaw. After further testing did allow for bypass its PIN by rapid execution of a certain button press instead of a delayed press was key to bypassing its security.

Some websites have reported that the next software version, which is currently available to software developers as “iOS 4.2 beta”, blocks the method is due for release in November. When it is released users will be able to “patch” their phone, meaning a user won’t be able to bypass security in this way.

According to SMH Apple said it’s “aware” of a security weakness that allows anyone to bypass iPhone 3G and iPhone 4 PIN codes with a few button presses and will fix it in a software update next month. Companies like Microsoft for example will, if they deem appropriate, rush out software fixes relating to security instead of waiting for the next round of patching.