A pretty major security hole has been found in iOS 4 for iPhone. This flaw lets you access the contacts of a password protected iPhone. No hack or technical skills needed.

On a password protected iPhone, tap the “Emergency Call” button then enter ###. Tap the Call button and immediately hit the Lock button. It will open your iPhone Contacts app from which you’ll be able to browse, edit, email, any contact.

Watch this Brazilian dude demonstrating the security flaw in action…

Bug no iOS 4.1 from Salomão Filho on Vimeo.

No doubt this bug will be fixed in iOS 4.2.

[9 to 5 Mac]

  • iH8PoisonRa1n

    Why would you post a way to do this. this will only tell people who have stolen an iPhone how to hack it.

    • It’s also a way to let people know their iPhones might be at risk…

      • AppleBits

        I like “being in the know” of what’s out there. Thanks for the heads up, Sebastien!

      • I agree I rather know about the errors !

  • greenone

    it dont fully unlock, just the names and phone numbers, favorates, recents, contacts, keypad, (same as if you hit the phone icon.) and to get out of it, you have to completely reset the phone. i look at it like this.. IF this was a lost phone, at least a person could partialy unlock it to get a phone number to contact you and let u know they have your phone. (either to tease you about it or to return it. heh)

    • TheAngryPenguin

      Reset not required. Just hold down the Home button to bring up Voice Control and then exit out of it normally.

  • Chappo

    I don’t see this as a bad thing I see it as a benefit as If I do find a iPhone thanks to this trick I can get a family members number and call and return the phone

    • Moi

      Are u for sure going to return it to the owner? 🙂

  • Jacky

    I try this trick on iPhone 3GS. It does not work. So I think my phone it safe

  • Ponycrest

    mmm…. very interesting

  • sk@tta

    Could this flaw be used to Hactivate or possibly Jailbreak?

    • riaz

      lol …. u are so innocent ….go play with some toys kiddo …

  • Sorry, Will they be able to fix this?

  • TheAngryPenguin

    FYI, voicemail is also accessible.

  • geo

    That’s actually in the iPhone 4 User Guide.

  • i’m running iOS 4.2 beta 3 and it’s not working.

  • Pissed_Off_NERD!

    Holy Shit i just tried it on my 4.1 and although it doesnt let me in the email it lets me in my entire contact list and text! WTF!!!!!!!!!!!!!!!!!!!!!

  • Justin

    I tried it, it works but after a few seconds it just goes back to the lock screen.

  • TG

    Can’t replicate it on my 4.0.1 for iPhone 4

  • Kingz

    This is a old bug. U guys r several months late to the party

  • Eldaria

    Tried this on my 3GS on 4.1, and it did not work, so it looks to be iPhone 4 only or it is fixed in 4.1.

  • Chico

    Also if you try to edit your contact photo you’ll have access to the phone photos.
    That’s a massive hole

  • brent

    Do a lot of you passcode lock your iPhone? I don’t know anyone who does. Just curious. The thought of entering a PIN every time I use my phone is not appealing to me at all.

    • I don’t password lock my iPhone either. The only time I did was when I traveled through South East Asia. After a few days I got tired of entering the password and removed the lock.

  • Sucre187

    For those says 3GS not working;
    Glitch working on my 3GS 4.1.
    You nid to b quick buddy! 😉

  • Bruce Wayne

    That’s why my iPhone is either in my pocket or my hand at all times 🙂

    Only time it’s by itself is when I charge it at home…but the wife has my password already anyways…

  • @Sucre187

    I have tried this so many times now, and I can’t reproduce it. Even if I push call and sleep at the same time, all it does is to turn of the screen.
    Perhaps it is due to Jailbreak or something, I used Pwnagetool to upgrade from JB 4.0.1 to JB 4.1.

  • Mirbek

    That did the trick! Once you get into the phonebook, buttons stopped working.