Security Flaw In iOS 4.1

It seems like there’s a huge bug in iOS 4.1 for iPhone: with a combination of sleep / power button and a fake emergency call, it is possible to access the iPhone’s contact list and phone keypad even if the device is locked. I personally tested the method and, indeed, it works: I was able to bypass iOS’ passcode lock check and make a phone call to a friend of mine.

It works both on non-jailbroken and jailbroken devices.
To reproduce the bug, make sure to have a passcode lock turned on and lock your device. In the lockscreen, tap on Emergency Call in the lower left corner. Now type a non-existent emergency number,UPDATE I tried # Start the call, and hit the sleep button. You’ll be brought to the contact list.

UPDATE: As Abraham reports, the Field Test application won’t start either in the “protected mode”, but you’ll be able to gain email access. Tap on a contact, then “share contact” and boom – you can send an email. As you can guess, email access exposes all your configured email address and contacts. MMS sharing works as well

Check out the MacMagazine video below. If you’re able to reproduce the bug on your devices as well.

Via : macstories