Comments on: Another iPhone bug?

Security conscious 12-year-old discovers new security hole in iPhone that allows people to see incoming text messages even when the passcode lock is enabled.

[BruinGuy]

The iPhone is starting to resemble I.E. 6.

[M C]

That is, if your friend could come over, get on your computer and personally mess with your IE6 to make it not work right.

The whole point with a locked phone is that NO ONE CAN PICK IT UP AND PUT IT INTO EMERGENCY MODE AGAINST YOUR WILL. Geez.

[rapier1]

This somehow makes it acceptable? If the idea that physical access trumps all security concerns then why even bother with passcode locks on any portable device? No, if you are going to implement a feature then you owe it to your users and your investors to do it right.

[goodspeed8701]

having you ever eaten an apple with a worm in it? well buy an iphone and you will feel like that.

[M C]

Insert clever joke that only I think is funny here.

[EbsanU]

Haha. I mean of course there are gonna be "massive" security holes in a device that's always at the front of the headlines. All phones have 'em, we just don't care enough.

And seriously, the best security fix to this is to keep your phone with you, and not give your parents the chance to even touch the phone.

On another note, the title of this article is entirely misleading. Looks like the parent found the security hole, not the 12 year old kid.

[jtaylor475]

Anybody else wonder how a 12 year old manages to get an iPhone, a girlfriend, and convince his dad he deserves complete privacy? Either the brat is 18 or his dad is an idiot. Or both. In any case I expect a message soon: "Bobby, I'm knocked up. I thought you said if we did it by your iMac I couldn't get pregnant!"

[speechup]

Nice! You got it!

[etiahwhite]

lol...easily one of the funniest comments eva

[fooldog01]

hahahaha

[Lerianis]

You are an absolute idiot, jtaylor475. The fact is that parents who KNOW WHAT THEIR CHILDREN ARE DOING AND KNOW THAT THEY HAVE A GIRLFRIEND (which, by the way... most children have in ELEMENTARY SCHOOL NOW!) are less likely to have a child get a friend pregnant or get pregnant themselves.

Secondly, I gave my children this much privacy.... and it wasn't a problem. The fact is that children DO DESERVE PRIVACY. If you don't give them that.... they are going to start hiding EVERYTHING from you, and you are going to have quite a few problems.

[jtaylor475]

To the parent who called me an "absolute idiot" for believing 12 year olds don't need COMPLETE privacy: thank you for demonstrating something else you're teaching your children: to insult and berate those who don't agree with you.

Way to go!

[bornlikethis38]

lol, i love this dude! *clapping repeatedly*

[Muhammad I.]

What's wrong with a 12 year old having an iPhone, girlfriend, and some privacy?

[azn_maxx300o]

agree

[052499]

well said!

[jumpjetta]

Who. Cares.

If ur srsly worried bout some1 c-ing ur im drivel...

...about all the inane things that happen in your life, than you probably really need a reality check, or you're the type that thinks it's okay to send credit card numbers via email, too.

Besides, how many total iPhone "security" issues (if you could actually call this one) have there been? Three?

[sflocal]

I'm still trying to get past the 12-year-old having an iPhone!
Having a girlfriend is a very close second.
Daddy is having priority issues here.

[Hernys]

What? You call "being able to see confidential messages without being logged in" a non security issue?
You've seriously drinked the kool aid...
And before you say that an SMS is not confidential, think that it is about as confidential as email, and this is in a device that has explicitly been set up not to show SMSs without being logged in.
I think there have been more than three security issues with the iPhone 2.0 (a single update last month alone fixed about eight vulnerabilities), but even if there were three, three in less than two months for a phone is some sort of a record.

[blakestar]

How do you "place the phone in emergency mode"? If doing so requires physical access to the phone and knowledge of the passcode to get into the device then this doesn't sound like much of a security issue.

[newmacgyrrl]

I agree. I believe all you do is swipe the phone and instead of typing in the passcode you hit "Cancel" and it displays the keypad for emergency phone calls. This really isn't that much of a security hole within the phone itself.

[newmacgyrrl]

Correction -- after swiping the phone on you hit the Emergency Call button and can then make calls or receive messages.

[Vegaman_Dan]

The iPhone was never promoted as being a secure device. Anything that allows all applications to run as root cannot be considered as anything other than unsecure.

Once you realize that you have no privacy or security on the device, then it's fine. People should be careful of what they have on there in the first place and place less faith in the device to do the monitoring for them.

[ashwinkn]

When Apple first announced the 2.0 software update, one of the things they were promoting was increased security for enterprise users. I don't know who would use an insecure device in the enterprise.

[sciontcya]

"Unnamed son" is really Tommy Krazit and now he has no date this weekend.
Good lord, is this really all CNET has?
You're like SNL picking on Palin week after week.

[TechSlap]

alright... Seriously get something better to right about. It seems like your running out of stories. This is far from a security flaw. Nothing really with security nor flaw. Its about a kid and a text message... Yeah... Big news guys.

[fdunn3]

"Seriously get something better to right about."

I think you meant "Seriously get something better to write about."

When one can't even use the correct words to convey thought I'll dismiss that thought.

[TechSlap]

Hey I'm an Engineer, not an English Teacher. Were not known for our writing abilities.

[ferretboy88]

Like a slice of swiss cheese.

[anilsudh]

Slow news day huh!!! Get a real job

[maverick_nick]

Ha ha... fanboy - LMAO

[rapier1]

Generally speaking, people lock phones because they want to prevent other people from being able to access the information on the phone without a passcode. This is, as far as I'm aware of, the expected behaviour. If people who have access to the phone do not need a passcode to access information on the phone then this seems like a problem. I'm not sure how people can argue that this isn't a problem.

[anilsudh]

People who lock their phones are stupid, idiotic, morons

[mikeburek]

When CNet reports news, they don't just report the one huge story that will impact all life as we know it, they report lots of news items. Some things just aren't huge. What is wrong with reporting lots of things if those things are reported correctly, unbiased, well written, and supported by fact? What did all these people think they would read about in an article title "Another iPhone bug?" Did they think CNet put the wrong title on a story that can predict the stock market?

And yes, when a very widely adopted device says it is secure, but can easily be fooled, then that is a security problem.

[dmjossel]

"Generally speaking, people lock phones because they want to prevent other people from being able to access the information on the phone without a passcode. This is, as far as I'm aware of, the expected behaviour."

All that means is that many people use things for purposes for which they were not intended. Which is true. Phones had locks on them before they ever had any significant amount of "personal" information on them, and in many cases, even then the information was actually stored on the SIM card, and not in the phone's memory. SIM cards usually have their own, separate locks-- but with this, as in all cases, physical access eventually trumps nearly every reasonable security precaution you can put in place.

Phones have locks to prevent unauthorized persons from making calls and thus costing you money. This so-called flaw does not allow that.

This may be a behavior that people don't expect. It may be something Apple should patch. But to call this "insecure" is a real stretch. You shouldn't be sending information that needs to be "secure" in an SMS.

This is a non-issue and a non-story.

[rapier1]

I have a few hairs I'd like to have split. What are your rates?

Seriously, I do agree with you insome ways - with physical access and a complete dedicated to break any security most any device is insecure. However, passcodes aren't about providing the highest level of security but discouraging the most frequent and most likely security issues. Its not about turning your iPhone into Fort Knox, its about locking the door and closing the windows when you park your car. If *any* company failed to provide this very basic level of functionality they should be taken to task for it.

[BLipman72]

There is an emergency call button on the enter passcode screen. You do need physical access to the phone to see the incoming messages. It is not as siginficant as the last bug where your data could be accessed.

[tipoo_]

how does a 12 year old have an iPhone AND girlfriend?

[DigitalFrog]

Maybe he got the girlfriend because he got an iPhone? I think there was a rumor that GFs were an available option.... :)

[Rick Cavaretti]

I see no problem. I too would be worried about a 12 year old with a girlfriend, so think about it as a parental security feature.

[Lerianis]

You know, I just LOVE people who are living in the stone age and don't realize that children have girlfriends and boyfriends in ELEMENTARY SCHOOL now! What year are you living in: 1593? Oh wait..... they had girlfriends and boyfriends THEN as well at 12!

[BruinGuy]

Is there any wonder why business consider Apple products toys and don't deploy them?

Could you imagine the humiliation a CIO who has deployed iPhones is going through right now? Better to leave that tidbit off the resume.

[anilsudh]

I think you company will be the next one to go bankrupt

[shinji257]

@blakestar: You do not need the passcode to use emergency mode. Emergency mode is basically you can dial 911 and that is it.

@Vegaman_Dan: Applications do not run as root. There are two users on the iPhone. mobile and root. mobile is what they run as.

@dmjossel: It's an issue because Apple has a switch that allows the user to enable or disable the preview when the screen lock is in use. This is regardless of the passcode. If the screen lock is active the sms messages should not be visable at all (i.e. no preview). Emergency mode still has the screen lock enabled so it should not be showing sms previews.

[moshelinho]

how is that a bug? its a feature, isnt it?