Are you an iPhone owner and already upgraded your device to the latest version of iOS 5.0.1, and is your iDevice fully secured and protected with a password? Then you have to know about what we are talking. Details after this jump!
Canadian tech blogger Ade Barkah has discovered a new security loophole in iOS 5.0.1 that make easy to anyone make calls out even with security passcode enabled. This loophole has been confirmed to work on bothe the iPhone 4 and iPhone 4S seamlessly. Here’s what Barakh detailed about bugs on his official blog:
We’re able to trick Voice Control to enumerate through the private address book and make live FaceTime video calls on a locked iPhone 4, even with Voice Dial specifically disabled in the settings.
Barakh himself tested his iPhone, set it up with highest security settings and with a passcode enabled and turned off the voice control. Though he could make calls from emergency page through sending commands in the voice control without typing his password. While the voice calls didn’t go through actually, he could make FaceTime calls and look through all contacts and their pictures.
Now Voice Control leaks that I have two numbers for Lisa Klein: her “mobile” and another number at the “love shack“. Had this been my jealous girlfriend probing my locked phone, I would’ve been totally busted! Remember, we’re getting all this info from a locked phone with Voice Dial explicitly disabled. So far we’ve only enumerated through the Contacts. Can we actually complete a call from the locked phone? With FaceTime, the answer is yes! Again starting from the Emergency Call screen, this time I say, “FaceTime”.
iPhone 3GS users are safe now from this problem, why? Becuase older devices don’t have an front-facing camera to make FaceTime calls, but still check the security settings. For iPhone 4S users, this will work only if Siri is turned off, because that’s when the iPhone 4S will begin using voice control.
Bigger Problem now. Anyone can easily see through you Secret contacts and call them. Apple will defenitely address this security bug in iOS 5.0.1.
Could be with the release of iOS 5.1 on March 9th, or can be expected iOS 5.0.2, which would take some days or weeks to arrive to fix this 5.0.1 bug. Via