Researcher: Video Calling Easily Accessible on Locked iPhone 4

Ade Barkah, the researcher that not long ago proved that the media album of a locked iPhone 4 could be easily accessed by leveraging a simple bug, returns with new findings to show that not only the device’s address book is easily accessible, but that the video call feature is as well.

Without jailbreak or any other tricks, with a mere press of some key combinations he proved that a locked smartphone with a standard configuration, running an iOS 5.0.1 operating system, is not difficult to access.

By taking advantage of the fact that “iPod Voice Control is always enabled,” feature that allows the user to play songs even if the phone is Passcode Locked, Barkah managed to bypass the voice dial restriction (presuming it’s enabled).

When the Voice Dial feature is disabled, a warning message should appear to inform the user of this in case he attempts to make a call by long-pressing the Home button (shortcut for accessing the Voice Dial menu).

However, the researchers proved that if during the time when the warning message appears the Emergency Call button is pressed, the Voice Call feature becomes active once the Home button is long-pressed again.

This basically allows anyone with physical access to the device to probe the phone for certain phone numbers using the “Call” voice command. Barkah proved that by trying to call contacts with common names, the phone even provides extra information if there is more than one individual with that name.

Furthermore, if the "FaceTime” voice command is utilized, even video calls can be made.

“We’re able to trick Voice Control to enumerate through the private address book and make live FaceTime video calls on a locked iPhone 4, even with Voice Dial specifically disabled in the settings,” Barkah writes.

While this flaw may not allow hackers to remotely access devices running iOS 5.0.1, it could raise serious privacy concerns. Ultimately, the Passcode Lock was designed to protect devices from physical access, but it’s clear that the feature fails at doing so.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.