Old 08-27-2008, 08:55 AM
     
  #1 (permalink)  
Registered User
Join Date: 08-17-2006
Location: arlington, va
PDAPhone: i760 and Q
Carrier: VZW
Posts: 1,117
 

iPhone 2.0.2 security hole

iPhone 2.0.2 security flaw makes private data accessible - The Unofficial Apple Weblog (TUAW)
Quote:
While we make great hay about the security built in to OS X, there is apparently a tiny hole in the iPhone that allows someone to access your data and certain apps -- even when you have passcode protection turned on.
I think I'll be removing my Favorites until this gets cleared up. Can anyone confirm if this exists in the 2.0/2.0.1 versions? Just curious if it's always been there or if it was introduced at 2.0.2. I'd bet that it's always been there.
 
onlydarksets is offline  
Old 08-27-2008, 09:13 AM
     
  #2 (permalink)  
AkA DaPoets
amirmckelvey's Avatar
Join Date: 08-23-2004
Location: Buffalo, NY
PDAPhone: iPhone 3G
Carrier: AT&T
Headset: Cardo Scala-500
Posts: 1,189

1st off, the odds of someone knowing how to do this, and then someone finding you are pretty darn small. Go play the lotto, you'll do better.
__________________
iPhone 3G (sorry Sprint, I have been to the mountain top!) <-- Sprint Mogul PPC 6800 (not enough memory) <-- PPC 6700 (loaner from sprint) <-- PPC 6600 (no EVDO) <-- G1000 (no SMS) Cardo Scala-500 BT
I'm rockin Verizon Fios baby! 20Mbs is dumb fast! http://www.speedtest.net/result/295783856.png
 
amirmckelvey is offline  
Old 08-27-2008, 09:21 AM
     
  #3 (permalink)  
Registered User
Join Date: 08-17-2006
Location: arlington, va
PDAPhone: i760 and Q
Carrier: VZW
Posts: 1,117
 

I don't think ignoring the problem or hoping people won't figure out how to do it is the best solution.

I'm not sure what you mean by "finding you".

The passcode lock should prevent all access to the OS, whether through the phone or through iTunes. I don't care if someone wipes the phone and reactivates it, but, for Apple to have a viable business solution, you can't have holes like this. I'm sure they'll fix it, and I'm also sure that I'll work around it until they do.
 
onlydarksets is offline  
Old 08-27-2008, 09:42 AM
     
  #4 (permalink)  
Moderator
equus's Avatar
Join Date: 10-06-2003
Location: Peoples Republic of Khaalhifhornia
PDAPhone: iPhone,XV6900,BB Storm
Carrier: AT&T & VZW
Headset: Jabra BT135
Posts: 5,293
 

Quote:
Originally Posted by onlydarksets View Post
I don't think ignoring the problem or hoping people won't figure out how to do it is the best solution.

I'm not sure what you mean by "finding you".

The passcode lock should prevent all access to the OS, whether through the phone or through iTunes. I don't care if someone wipes the phone and reactivates it, but, for Apple to have a viable business solution, you can't have holes like this. I'm sure they'll fix it, and I'm also sure that I'll work around it until they do.
Yes, it is a flaw and it's been there always. Temporary solution: set your double-tap Home Button to something other than Favorites.
__________________
Funny it worked.....the last time!!Now I am not sure what was working before they put a hole in my head!!!!
 
equus is offline  
Old 08-27-2008, 01:19 PM
     
  #5 (permalink)  
Registered User
Join Date: 01-11-2006
Location: Chandler, AZ
PDAPhone: Droid
Carrier: Verizon
Headset: Plantronics 975
Posts: 319
 

The big key to this is someone has to have physical access to the phone, don't leave your phone laying around and no worries.
__________________
Rob
Droid-ed
 
Bowtie is offline  
Old 08-27-2008, 02:02 PM
     
  #6 (permalink)  
Registered User
Join Date: 12-08-2001
Posts: 160
 

Quote:
Originally Posted by onlydarksets View Post
I don't think ignoring the problem or hoping people won't figure out how to do it is the best solution.

I'm not sure what you mean by "finding you".

The passcode lock should prevent all access to the OS, whether through the phone or through iTunes. I don't care if someone wipes the phone and reactivates it, but, for Apple to have a viable business solution, you can't have holes like this. I'm sure they'll fix it, and I'm also sure that I'll work around it until they do.
I agree this is a serious flaw. One of the main reasons I use a key lock is to keep sensitive mail and contacts from being stolen; the other big reason, which luckily this doesn't expose, is that I use the H@me app to control my security/automation system. If someone got my phone and it was unlocked, they could disarm my alarm and open my garage door!
 
Justin is offline  
Old 08-27-2008, 03:38 PM
     
  #7 (permalink)  
Registered User
Join Date: 08-17-2006
Location: arlington, va
PDAPhone: i760 and Q
Carrier: VZW
Posts: 1,117
 

Quote:
Originally Posted by Bowtie View Post
The big key to this is someone has to have physical access to the phone, don't leave your phone laying around and no worries.
This is a very disturbing view of mobile device security. So far I've heard:
  1. Don't allow your device to ever be lost or get stolen.
  2. If it does, just assume that whoever finds it does not have nefarious intent or will be too stupid to figure out how to use Google.
That's just not an acceptable approach.

FWIW, I tested this out, and by double-clicking home (after selecting "Emergency Call" from the PIN lock screen) and opening a "Favorite" contact with an email address, I could create a new email, hit cancel, and then have full access to my inbox.
 
onlydarksets is offline  
Old 08-27-2008, 03:48 PM
     
  #8 (permalink)  
MyG37.com
DiamondGCoupe's Avatar
Join Date: 06-25-2006
PDAPhone: 3G Apple iPhone
Carrier: AT&T
Posts: 385
 

Mine is set to open iPod so technically they could also jam out with your tunes as well LOL.
 
DiamondGCoupe is offline  
Old 08-27-2008, 04:07 PM
     
  #9 (permalink)  
JMT
Moderator
Join Date: 09-25-2003
Posts: 473
 

OMG, Breaking News....

There is a security flaw in your wallet. If you leave it on a table and walk away, someone could pick it up. If they hold it just right, they can figure out how to flip one flap over and reveal the contents. Even the 3G version with 3 flaps is vulnerable if the person who picks up your wallet learns to flip the other flap also.

Conspiracy theorists have determined that even if you turn your credit cards around so that you can't see info on the card, some hackers are clever enough to pull the card out of the slot AND turn it around to gain access to personal information.
 
JMT is offline  
Old 08-27-2008, 04:29 PM
     
  #10 (permalink)  
Registered User
Join Date: 08-17-2006
Location: arlington, va
PDAPhone: i760 and Q
Carrier: VZW
Posts: 1,117
 

If you are truly such a defeatist, go ahead and post your credit card, home address and PIN to this thread.
 
onlydarksets is offline  
Old 08-27-2008, 05:19 PM
     
  #11 (permalink)  
JMT
Moderator
Join Date: 09-25-2003
Posts: 473
 

Wouldn't the defeatist be someone who possessed allegedly valuable info, lost it, and refused to take responsibility by blaming the media the info was stored on?
 
JMT is offline  
Old 08-27-2008, 05:26 PM
     
  #12 (permalink)  
Almost There
tojohnso's Avatar
Join Date: 05-04-2006
Location: East Coast mid atlantic
PDAPhone: xv6700, iPhone 3G
Carrier: AT&T
Headset: Jabra BT800, Jawbone 2
Posts: 205
 

ROTFLMAO JMT - that hit it right on the spot. I don't use the pin to lock my iPhone because it would be more of an issue for me than someone who got my iPhone. You have to protect whatever is important to you. That is why you get software like eWallet.
__________________
It's working for me, there must not be anything wrong!
 
tojohnso is offline  
Old 08-27-2008, 05:32 PM
     
  #13 (permalink)  
Moderator
equus's Avatar
Join Date: 10-06-2003
Location: Peoples Republic of Khaalhifhornia
PDAPhone: iPhone,XV6900,BB Storm
Carrier: AT&T & VZW
Headset: Jabra BT135
Posts: 5,293
 

Quote:
Originally Posted by JMT View Post
Wouldn't the defeatist be someone who possessed allegedly valuable info, lost it, and refused to take responsibility by blaming the media the info was stored on?
Dang it Joe, you make sense and it is NOT acceptable
__________________
Funny it worked.....the last time!!Now I am not sure what was working before they put a hole in my head!!!!
 
equus is offline  
Old 08-27-2008, 08:00 PM
     
  #14 (permalink)  
Registered User
Join Date: 08-17-2006
Location: arlington, va
PDAPhone: i760 and Q
Carrier: VZW
Posts: 1,117
 

Quote:
Originally Posted by JMT View Post
Wouldn't the defeatist be someone who possessed allegedly valuable info, lost it, and refused to take responsibility by blaming the media the info was stored on?
You are making it apparent that you don't know what "defeatist" means...
 
onlydarksets is offline  
Old 08-27-2008, 09:46 PM
     
  #15 (permalink)  
JMT
Moderator
Join Date: 09-25-2003
Posts: 473
 

There's a lot of things in life I don't understand, but we won't get personal with this.

I thought a defeatist was someone overly willing to accept failure. Then I went out on a limb and concluded that if someone called irresponsible usage of an iPhone (or wallet) a security hole, they are saying the media storage device has failed them.

Maybe we need a lawyer to determine if reasonable and responsible care of the iPhone would keep it out of the hands of malicious identity thieves. I know that I wouldn't leave my iPhone laying around any place that I wouldn't leave cash totaling the value of the phone.
 
JMT is offline  
Old 08-28-2008, 12:06 AM
     
  #16 (permalink)  
Moderator
iProb8's Avatar
Join Date: 11-01-2005
Location: Phoenix, Arizona
PDAPhone: 32GB iPhone 4
Carrier: AT&T
Headset: Jawbone 2
Posts: 3,373
 

Quote:
Originally Posted by JMT View Post
Maybe we need a lawyer to determine if reasonable and responsible care of the iPhone would keep it out of the hands of malicious identity thieves. I know that I wouldn't leave my iPhone laying around any place that I wouldn't leave cash totaling the value of the phone.
I'm staying out of this one. You'll have to find another lawyer to resolve this dispute.
__________________
-Jay
The Fine Print: Nothing in this post (or any of my other posts) is intended to constitute legal advice or the establishment of an attorney-client relationship. For purposes of this forum, I'm just another nerd like you. :-)
 
iProb8 is offline  
Old 08-28-2008, 08:23 AM
     
  #17 (permalink)  
Moderator
jpmihalk's Avatar
Join Date: 01-09-2004
Location: Virginia Beach, VA, USA
PDAPhone: iPhone 3G 16GB White
Carrier: AT&T
Headset: Apple BT/Jeep UConnect
Posts: 4,715

The ol' security debate... it is as simple as protect that which is valuable to you, otherwise be ready to give it to someone else. If that isn't acceptable, then secure it!

You can either do nothing and keep it all handy and usable (and assume it is disposable) or else secure it and make it harder for everyone to access. That is the nature of security. Whether physical security, electronic security, or any other kind...
__________________
John

PDAPhoneHome Forum Moderator
 
jpmihalk is offline  
Old 08-28-2008, 08:30 AM
     
  #18 (permalink)  
Registered User
Join Date: 08-17-2006
Location: arlington, va
PDAPhone: i760 and Q
Carrier: VZW
Posts: 1,117
 

Quote:
Originally Posted by JMT View Post
There's a lot of things in life I don't understand, but we won't get personal with this.

I thought a defeatist was someone overly willing to accept failure. Then I went out on a limb and concluded that if someone called irresponsible usage of an iPhone (or wallet) a security hole, they are saying the media storage device has failed them.

Maybe we need a lawyer to determine if reasonable and responsible care of the iPhone would keep it out of the hands of malicious identity thieves. I know that I wouldn't leave my iPhone laying around any place that I wouldn't leave cash totaling the value of the phone.
I am a lawyer - does that mean you concede?

The value of the contents on the phone, in my case, far outweighs the value of the phone itself. My card information is all stored in eWallet, but my email is open. I rely on Apple to provide a lockdown to prevent people from accessing it. I understand nothing is 100% secure, but this is only 10% secure, at best. You don't even need to plug the phone into a computer to compromise it!

I also understand (as I'm sure you do) that you can't prevent your phone from being stolen or lost. You can reduce the likelihood, but you can't prevent it. I do that the best I can.

So, the first line of defense is me - reduce the likelihood of the phone being stolen, reduce the ability of anyone to access data if it is stolen. The second line of defense is Apple, and they've botched it on this front. I trust this is something Apple will fix soon, but it's a bit concerning that they reopened a bug that was already closed in 1.x. By all accounts they want the iPhone to be a legitimate player in the enterprise.
 
onlydarksets is offline  
Old 08-28-2008, 09:36 AM
     
  #19 (permalink)  
Moderator
jpmihalk's Avatar
Join Date: 01-09-2004
Location: Virginia Beach, VA, USA
PDAPhone: iPhone 3G 16GB White
Carrier: AT&T
Headset: Apple BT/Jeep UConnect
Posts: 4,715

Oh, yeah... the other BIG rule in security...

If man can make it, man can break it. NOTHING is secure.

So we do the best we can to make a thief move along to the next best opportune target that is less secure.
__________________
John

PDAPhoneHome Forum Moderator

Last edited by jpmihalk : 08-28-2008 at 11:58 AM.
 
jpmihalk is offline  
Old 08-28-2008, 10:22 AM
     
  #20 (permalink)  
Registered User
Join Date: 12-08-2001
Posts: 160
 

I agree with onlydarksets. Everyone has different requirements with their personal information, and no security mechanism is 100%. More layers or depth reduce the likelihood of a compromise, but more layers must be traversed to gain legitimate access.

It is a personal choice in this situation. My choice is to add an extra 4-digit PIN check to gain access to my phone beyond the first line of defense, which is physical access. The feature exists, I expect it to work correctly, and if not, I would classify it as "serious". If you are comfortable without this and physical access protection is enough for you, fine, but you cannot argue adding a keylock would not provide greater protection.

For me, I would rather have one passcode to enter to gain access to all data on the phone, rather than compartmentalized with passwords for each individual application (eWallet, security system, web sites), so long as that one passcode mechanism works correctly.

I can understand it being a nuisance to enter a passcode every time you use the phone, which is why there is a compromise with the keycode only being required after 15 mins of non-use. This lessens the annoyance when using frequently while still preventing the most likely case of losing the phone and having someone pick it up later gaining access. This does leave a 15-min window of opportunity, but that is my personal level of comfort.
 
Justin is offline  
All times are GMT -5. The time now is 02:02 AM.

               
 