A flaw in the iOS software that runs Apple’s iPhone allows any user to bypass the password entry screen by manipulating the emergency call feature, essentially rendering iPhone passwords useless.
The flaw, first disclosed in a discussion on the forums site macrumors.com on October 22, requires attackers to access the phone’s emergency call feature, then enter any number and tap the Call button and sleep button in quick succession. Doing so opens the standard iPhone call screen, from which attackers can access the phone’s contact list, voicemail and other features.
The flaw is found in iPhone 4 mobile phones running the latest version of iOS, 4.1, and appears to work on both jailbroken and jailed iPhones, according to published reports. The flaw also appear to affect earlier versions of the iPhone running iOS 4.1, and possibly earlier versions of the OS as well.
Apple has issued a statement to Wired.com saying that it will patch the hole with the next iOS release, 4.2, which is due in November.
More details and video of the hack are available on 9to5mac.com.