iOS Security Hole Allows Easy Bypassing of Lock Screen

A flaw in iOS 4.1 means it is possible to access the iPhone’s contact list and phone keypad even if the device is locked.

The seemingly random set of combination of steps was first reported on the MacRumors forum. It was tested on both jailbroken and non-jailbroken iPhones, and appears to fail on 4.0.1 as well as 4.1. The flaw has been reported, but it remains to be seen if Apple will close it before 4.2 launches in November.

To bypass the lock, when an iPhone is locked with a passcode, you tap the “Emergency call” button, then enter three pound signs (or, it seems, any non Emergency Call string), hit the call button and then immediately press the lock button.

Once done, you have full access to the Phone app on the iPhone, which means you have access to the address book, voicemail, call history, and can make calls. Additionally, it was reported that Voice Control could be accessed as well.

 For those playing around with it, some have said they couldn't get their phone to go to sleep again once the procedure was done. To get around that, aside from powering down, you can also (while in contacts) tap on a contact, make a call and hit "End," after which the iPhone will return to the lockscreen asking for a passcode.

You can watch a Brazilian iPhone owner demonstrate the issue below. Apple has not publicly acknowledged the bug yet.