IOS 5 Exploits – How Safe is Your Locked iPhone 4?

First off let me say I absolutely love Apple products, however for the longest time they were not that popular. Now that the install base has become so large in the last 10 years malicious coders are starting to realize the benefit of exploiting not only Mac OSX but also IOS. I am against IOS jail breaking and have not even tried it on any of my devices, but that doesn’t mean that you can’t exploit your IOS device.

I just ran into this today and was amazed that I haven’t heard of it until now. Published on February 5, 2012 “Ade Barkah” claims that he can get information from your address book, make phone calls, and even start a FaceTime call on a locked iPhone 4 with IOS 5. I had my doubts that this would still work, so I grabbed my iPhone 4 with IOS 5.1 and gave it a try.

The first thing that I noticed was that I still had voice dialing enabled. Holly Crap! **Thunk** should have had a V8! Well beside the fact that my phone wasn’t locked down all that good it did get me to turn off voice dialing. WHY Though?! Apple still has not fixed the exploits that were published in February! Read all about getting into the device (simply) when it is locked here. The article goes through step by step on getting information out of a locked iPhone 4, how to place calls, and even place a FaceTime call.

So this makes me start to think, what else has Apple ignored? What was the last thing like this I heard about? The iPad 2 “smart cover unlock”! For those of you that haven’t heard of this or tried it, it is really cool. What you do is take an iPad 2 and lock the screen. Then close the smart cover. Open the smart cover and hold the power button until you see the slide to shutdown screen. Close the smart cover, and then open it again. You still see the slide to shutdown screen. Tap “cancel” … WTF?! Yep, that’s right, your iPad2 is now unlocked.

Could this really still work? I gave ‘er a whirl on an iPad 3 and … Nope. Apple fixed this one. So how is it that a company would fix this issue (even though very old) that was posted on a similar blog, and ignore something from February when IOS 5.1 was still not released? Is this exploit hardware related? I was able to confirm that the exploits for the iPhone 4 did work, and they also worked on the iPhone 3GS. I would like to find out if it would actually work on an iPhone 4S I just have to get my hands on one first.

Now everyone knows how secretive Apple is when it comes to development, and security. Its fine, I actually think it is a huge reason that the company has such successful launches. I even watch the blogs when the keynote starts! But where do you draw the line between secrecy to protect your intellectual property, and letting your customers know when they may be at risk? This is something that troubles me. Who knows what zero days are out there for Mac OSX and IOS, that Apple and a few black hats know about? Ask yourself this now. How safe do you feel with all that information on your iPad, and iPhone … that may not be as safe as you think it is?

Leave a Reply

All Work on this site is not to be reproduced without written permision from Nick Schroedl.