
superlatives

macrumors member
Original poster
Aug 1, 2007
31
0
Hi:

FYI this is my first post here.

Given that there's no "loss coverage" for the iPhone, I decided to put a passcode on my handset; I figured that at least it would make it a bit harder if some crook swiped my iPhone.

This AM I discovered the new iPhone patch and applied it to my phone. However, in the process of upgrading, I found a possible "hole" in the passcode lock. The way it's designed, iTunes SHOULD not allow a "foreign" iPhone to connect if that handset has a passcode.

But I found a way for a crook to bypass the iTunes lockout ... and as a result, be able to access the victim's iPhone -- as well as the handset's activated SIM card and wireless service.

How? There are two ways:

1. The simplest is to enter iPhone Recovery mode (hard boot with the yellow arrow); or

2. Install Jailbreak on the handset.

After that, when you connect the iPhone to a CLEAN copy of iTunes, you can then connect.

Once connected, all the thief has to do is perform a full system restore.

When the restore is complete, iTunes will prompt for a new activation. HOWEVER ... since the SIM card is already activated, all you have to do is leave the iPhone connected for less than a minute. Eventually, AT&T's towers will see the already-activated SIM and "re"-activate service.

FYI I tried this on three PCs that had NEVER had iTunes installed. PC 1 saw the passcode lock and refused to connect. PC 2 connected to an iPhone in the middle of Recovery mode. PC 3 connected to a passcode-locked iPhone with Jailbreak installed.

I don't know if a hole like this CAN be fixed, short of the passcode being written to a chip.

Bottom line: the passcode isn't invulnerable.

I welcome any thoughts ... or better yet, any suggestions on how to secure my iPhone better (short of keeping it in a safe!).

For now, I've UNlocked my own iPhone; I'm sure the crook that MAY steal my handset will have read this post ... so why go through all the added keystrokes?!? :)
 
Do you really think a crook/thief that might steal a cell phone would know how to do all that? :D
Either way if you lose it or get it stolen you're screwed.
 
If someone gains physical access to a computer, there is nothing you can do to stop them from getting into it if they want to.

The same applies to your iPhone, or any PDA or smartphone.

If someone steals your phone, I would think them bypassing your lock code on the phone would be the least of your worries.
 
Well said.
I wish it had a self destruct feature in it in case it gets stolen you can shut it down by deactivating it :D
 
In the meantime that the crook is trying to do all that, you could be calling AT&T and have them stop your service and they won't be able to use your phone.

:)
 
Do you really think a crook/thief that might steal a cell phone would know how to do all that? :D
Either way if you lose it or get it stolen you're screwed.

They would now, wouldn't they!!!!! Can we hide this thread so only us few can know about it :p.

I'd die if I lost such a loved possession.
 
Well said.
I wish it had a self destruct feature in it in case it gets stolen you can shut it down by deactivating it :D

That sounds like a good idea, a self destruct feature that makes the phone blow up. Then have it timed so that it will go off when a thief is about twenty seconds into a phone call. Haha that would be funny.
 
Yep, maybe it can play a small sound file from Mission Impossible before it self-destructs :D
Now that would be awesome :D
 
You guys do know that BlackBerrys do have a wipe feature, right? If you lose your BlackBerry, all you have to do is call the BlackBerry Enterprise Server Administrator and they can do a "wipe" and it basically does a restore on the device out in the field, and they can totally turn it off.

Your data that way is safe, and the phone is basically useless to the thief.
 
Do you really think a crook/thief that might steal a cell phone would know how to do all that? :D
Either way if you lose it or get it stolen you're screwed.

I agree that either way, I'm screwed!

When I first put the passcode on, my initial thought was "Well, if my iPhone gets heisted, at least the crook will have stolen a 'brick'."

As far as "deterrence", I was thinking not about the pro thief but about the office coworker. If he or she saw the phone on my desk, picked it up, and saw the passcode, the coworker would think twice.
 
If someone gains physical access to a computer, there is nothing you can do to stop them from getting into it if they want to.

The same applies to your iPhone, or any PDA or smartphone.

If someone steals your phone, I would think them bypassing your lock code on the phone would be the least of your worries.

Well, although I haven't owned TOO many handsets so far, I have to say that the iPhone is the first one where the lock CAN EASILY be bypassed. Two previous handsets wrote the passcode to an EEPROM which couldn't be accessed, even by a manufacturer's phone software toolkit. For those handsets, the manuals had repeated warnings of "Lose the lock code and there's nothing we can do to bring it back"
 
In the meantime that the crook is trying to do all that, you could be calling AT&T and have them stop your service and they won't be able to use your phone.

:)

Chad:

You're right. And of course I would.

HOWEVER .. in that regard, I did find out something when I tested this hole.

During one "restore" of a locked iPhone, I was not "patient", and disconnected my handset from iTunes during the activation screen. (had I let the iPhone sit a minute, the SIM would've been RE-activated by iTunes).

What happened? I THINK the same thing as if AT&T disconnected service to the SIM: there was "No Service" displayed. However, all other functions (iPod, WiFi, videos, even Safari) worked. I guess it's the same as the activation bypass hack.

My point: the crook couldn't "call" ... but he could still use the other iPhone features.
 
When I first put the passcode on, my initial thought was "Well, if my iPhone gets heisted, at least the crook will have stolen a 'brick'."

That's where your understanding might have been a bit off. I don't think the passcode feature was ever intended as a 100% antitheft system (will have to go back to the manual to see what language they use to describe it). It was simply meant as a way to protect any private data you may have on the phone (confidential company emails, etc.) from falling into the wrong hands.

Yes, someone can take the phone, and do all the things you say - but it will be wiped clean as a part of the process, so your data doesn't fall into the wrong hands.

So perhaps the title on this thread is a bit wrong/alarmist.
 
Canuck4 said:
Well said.
I wish it had a self destruct feature in it in case it gets stolen you can shut it down by deactivating it :D

Yeah, the only problem would be if some type of bug would arise affecting that feature. Imagine all of a sudden you feel a burning sensation in your left pant pocket and start to smell and see black smoke.
 
You guys do know that BlackBerrys do have a wipe feature, right? If you lose your BlackBerry, all you have to do is call the BlackBerry Enterprise Server Administrator and they can do a "wipe" and it basically does a restore on the device out in the field, and they can totally turn it off.

The latest Exchange can do remote wipe to Windows Mobile 5+ devices under its care.

I recently saw a cool app to download to other phones... you set up a special code that the phone stores away.

If you lose your phone, then you just Text message the code to it, and it locks itself. You can manually reenter the code to unlock. I like the text messaging remote control idea ... pretty slick.
 
That would be cool.
You know where to get that prog and if it would work with an iPhone?

I recently saw a cool app to download to other phones... you set up a special code that the phone stores away.

If you lose your phone, then you just Text message the code to it, and it locks itself. You can manually reenter the code to unlock. I like the text messaging remote control idea ... pretty slick.
 
Very nice, that would be really useful if it can work with our phones down the road.
 
When the iPhone does a "recover" it gets info from the computer that has the back-up for that specific iPhone.

As far as jailbreak. Same thing almost.

This is not a security hole.
:rolleyes:
 
As far as making calls goes, isn't that what the SIM PIN is for? You lock your SIM card so it requires a passcode to use it.
 
You guys do know that BlackBerrys do have a wipe feature, right? If you lose your BlackBerry, all you have to do is call the BlackBerry Enterprise Server Administrator and they can do a "wipe" and it basically does a restore on the device out in the field, and they can totally turn it off.

Your data that way is safe, and the phone is basically useless to the thief.

Aren't there things like this for PCs and Macs as well?
 