iOS security flaw bypasses locked iPhone

A MacRumors forum member has positively identified an iOS (4.1) security breach that allows unauthorized users to make outgoing calls from a locked iPhone.

So, how does it work?

“When your iPhone is locked with a passcode tap Emergency Call, then enter a non-emergency number such as ###,” MacRumors member “jordand321” explained in a forum post.

“Next, tap the call button and immediately hit the lock button. It should open up the Phone app where you can see all your contacts, call any number, etc.”

However, as BGR’s Andrew Munchbach notes, the “home” button remains passive throughout the process.

“[Yes, this effectively] prevents users from [automatically] jumping to the home screen.

“[Nevertheless], going to the ‘contacts’ tab, selecting a contact, and clicking ‘Email’ or “Share contact” will allow a bypasser to send emails and [even] MMS messages.”