Apple acknowledges iPhone passcode flaw, promises fix next month
by Chris Ziegler 
posted Aug 28th 2008 at 5:04PM
Apple's taking a pretty lackadaisical attitude toward one of the most easily avoided security flaws in recent memory, calling the iPhone's passcode lock bypass a "minor iPhone security issue" and saying that a fix will be rolled out in September. Thanks, Apple; we suppose it'd be a little too much trouble to ask for a fix sooner, even though you already fixed it once in 1.1.4. For what it's worth, a company spokeswoman is quick to point out that the flaw can easily be hidden by changing the home button double-click functionality to take you to the home screen, but most users don't know that, now do they? Way to show some hustle, guys -- cookies and gold stars all around.
Filed under: Cellphones, Handhelds
Reader Comments (Page 1 of 2)
Kiwi616 @ Aug 28th 2008 5:08PM
I think its pretty funny...as this has been out for a few days now and until Apple acknowledges it...it wasn't posted. I guess we have to wait for a positive spin first.
Chris Ziegler @ Aug 28th 2008 5:10PM
It was posted. Look harder.
Thi mam(kris120890) @ Aug 28th 2008 5:16PM
Anybody realised since the new editor took over the engadget writers have started fighting back.
phanbouy @ Aug 28th 2008 5:18PM
ryan always did...
Kiwi616 @ Aug 28th 2008 5:21PM
@Chris Ziegler
Don't get me wrong, I love the iPhone and Apple but this should be on the Engadget Mobile Website only.
Nate @ Aug 28th 2008 5:23PM
yeah, but the new editor doesn't reply himself when asked a direct question that he doesn't like (come on Josh, give us another glib answer).
Richard Lai @ Aug 28th 2008 5:34PM
Veronica used to hang out here... :(
WarMouse @ Aug 28th 2008 5:38PM
There's no positive spin in this article. They bring up Apple's failure to address the problem in a satisfactory manor, while bringing up all the important counter-points.
The problem was originally posted in Engadget Mobile; many readers complained, accusing Engadget of having a positive bias towards Apple, and thusly, purposely not reporting on their main page about an iPhone problem, whereas other Apple related news still received coverage.
Engadget responded appropriately, by waiting for the next update to the story to occur, and covering it on their main page, since it seemed there was ample demand for the information.
They didn't over-cover this story and pander to either side of user responses by either completely ignoring it, or double posting the original article as well as publishing this update.
Also, Engadget writers have always randomly responded. Ryan started to do it more-so later on. The reason why it's increasing? More and more readers are directly confronting Engadget, and specifically attacking writers. Rather than giving criticism, people are just calling the writers incompetent or biased, and feeding on hate, for Apple, Microsoft, or just this website in general.
RELAX. Don’t do it. When you want to to go to it. Relax. Don’t do it. When you want to calm the f*** down.
phanbouy @ Aug 28th 2008 7:01PM
veronica hung out here? like once to defend ryan from a mob.
gabe @ Aug 28th 2008 8:20PM
dear Steve Jobs,
take your sweet sweet time and make a great firmware upgrade not a half-a$$ mockery of one.
p.s. a little charity wouldn't either- ie Bill Gates.
loosely_coupled @ Aug 28th 2008 11:51PM
Yes, this is a security issue, however it was certainly being sensationalized by different websites:
1) It is easy to fix yourself until a firmware update is released
2) Important data should *never* be hidden behind a simple screen lock PIN code. If you want decent security, you must use a proper encryption method on the data itself.
3) Unlike other critical security vulnerabilities, this one actually requires an attacker to have physical possession of the device, which in most cases you are already screwed anyways.
fanman @ Aug 29th 2008 4:11AM
Tell this to apple's marketing department.
"Actually no, I don't get viruses or security threats ever because I'm a mac. How envious are you?"
reefrmad @ Aug 29th 2008 9:15AM
@Kiwi616...
Why, oh WHY do you have to preface with "don't get me wrong, I love XXXXXX"? Are you afraid of the Interwebitube users calling you and Anti-applite?
And that goes for the rest of the "don't get me wrong, I love XXXXXXX" crowd! Don't be such cowards!
Thanks!
The Joker @ Aug 28th 2008 5:08PM
Can't wait to here the apologists on this one.
(01) @ Aug 28th 2008 5:12PM
Yeah, hopefully they'll be able to spell/use grammer better than you can.
sbrown23 @ Aug 28th 2008 5:19PM
@ (01) -
grammar?
fred @ Aug 28th 2008 5:18PM
"Well at least their fixing it! GAWD!"
phanbouy @ Aug 28th 2008 5:20PM
your being to hard on them. they're grammar is par for the coarse.
aardWolf @ Aug 28th 2008 5:28PM
Stop it, just stop it! All of u r speling stuf rong!
phanbouy @ Aug 28th 2008 5:32PM
all ur grammar nazis are belong to us
UnixSystemsEngineer @ Aug 28th 2008 9:13PM
How's this:
It's a feature, not a bug. Seriously. Who the hell wants to have to type in a passcode to unlock a *phone*? I hate it, and vowed that I wouldn't use my phone with ActiveSync if I had to do it. Well, as it turns out, I do, but the least-restrictive setting is every hour, and you can choose your own passcode. On my Motorola Q I had to use my corp exchange password (8 characters, alpha, etc etc) every 15 minutes. To use a telephone. Worthless.
I'm 99% sure this is configured on the Exchange side, and is probably implemented by my company in order to comply with SOX, which in itself is worthless as well.
I'll have to RTFA so I can take advantage of this... if indeed it does what it sounds like.
lu1de @ Aug 28th 2008 5:11PM
I have that phone!!!!!!!!!
phanbouy @ Aug 28th 2008 5:14PM
nope i took it from you. here, you can have my old nokia. more durable anyway.
mike @ Aug 28th 2008 5:14PM
Good for you...
Mike10010100 @ Aug 28th 2008 5:18PM
I figure if we have one Android troll for every Apple/ iPhone troll, we might just even out the conversations by nullifying them.
If I may be so bold to make the comparison, I would liken Android to an open source version of the iPhone OS. This in no way means that they have copied Apple any more than OpenOffice.org copied Microsoft Office. I've never heard anyone complaining about them.
Seriously, get over yourselves, iPhone trolls.
IndiaTech @ Aug 28th 2008 5:39PM
No way!!! Get out of here!!!
Which one BTW? The slightly leaning one or the full faced one?
lu1de @ Aug 28th 2008 5:52PM
I have the better looking one
phanbouy @ Aug 28th 2008 5:59PM
"I have the better looking one"
is that what girls tell you when they turn you down?
grull27 @ Aug 28th 2008 5:14PM
I guess I can expect a 2.0.3 update next month. Why can't we get 2.1 already?! I want copy & paste! >:-(
Richard Lai @ Aug 28th 2008 5:19PM
Bluetooth A2DP and native video recording would also be nice.
Cmmndr312 @ Aug 28th 2008 6:29PM
Maybe they can also get around to fixing the GPS functionality that they broke with the latest firmware.
"Your location +/- 200 miles"
Grant @ Aug 28th 2008 5:15PM
"The bug also affects the iPod Touch. "
uhhh... how? ipod touch doesn't have an "emergency call" mode, and the double tap of the home button brings you to music control shortcut box. Not to mention i've never noticed a locking feature on the touch, even though i have to admit i've never looked.
Chris Hanson @ Aug 28th 2008 5:16PM
YEH ,
Now you can also fess up to the countless other flaws on my IPHONE 3G.
uhhum!!
- Weak 3 G signal
- Failed calls when dialing out
- Dropped calls like crazy
- 4 Second delay on using phone book
- Slow Lagggy keyboard
And for Christ Sakes GIVE US THE OPTION TO TURN OFF THAT STUPID PREDICTIVE TEXTING !!!!!
heshmati4 @ Aug 28th 2008 5:20PM
I have had no problems after 2.0.2
You are just repeating problems in your list.
Don't get me wrong, I know there are some people with problems, but the vast majority if users are enjoying there iphones.
kevinm @ Aug 28th 2008 5:25PM
The problem with 3G and call drop out is more to do with the cell network, at&t for us. Only the sluggishness of the software is what Apple can fix.
waiownsyou @ Aug 29th 2008 1:57AM
I, for one, find it impossible to live without that predictive texting.
DarkUltra @ Aug 30th 2008 4:24AM
NO. I tried to live with predicting texting (auto correct) for two months to give it a real try, but it's much better off. I can't believe theres no option to turn it off!
Need to jailbrake and install auto correct toggler...
And the 4 second contact list delay is here too with latest firmware. Very annoying, i have to tell people to wait for my iPhone to open some text list.
Sms typing delay is fixed though.
kal326 @ Aug 28th 2008 5:17PM
Way to play down the security flaw by stating that the security would probably be bypassed anyway so this isn't such a BIG deal. Now had this been a WinMo device issue, I'm sure there would had been plenty more MS bashing.
rhcpsfan @ Aug 28th 2008 8:17PM
if they didn't include the other side to the story, it wouldn't be a factual, news worthy post. instead it would be a opinionated rant about how apple should get this bug fix out faster. If you want to read a news site, this is the kind of storys your going to get. If you want a ( insert product your obsessing over/hating on here) site than go find one , its really not that time consuming.So take a long, deep breath and decide which one of those sites you would rather be on right now.
dmesh @ Aug 28th 2008 10:45PM
but it would probably be fixed in a week not a month or two or whenever they get round to it
Leindurstit @ Aug 28th 2008 5:18PM
Enterprise-Ready, you say?
phanbouy @ Aug 28th 2008 6:37PM
the dragon makes it funnier
The Dude @ Aug 28th 2008 7:23PM
Leindurs"tit" makes it funnierer.
melo @ Aug 28th 2008 5:20PM
I have the 16GB White 3G and although I like the web and email experience, the rest of it is an abismal failure. Vista, which I use daily without issue was crucified when brought to market. I think its Apple's turn to receive a few nails-in-the-palms for botching this entire thing.
Anyone who says this isn't a debacle of a product release is delusional.
I'm not a fanboy of anything, Apple nor Microsoft, but Apple has joined the ranks of most soft and hard-ware companies who push out products and services way before they are market ready in the name of profit and planned obsolescence.
And on a final note... I find it hilarious that Apple is still pumping out those bullshit 'I'm a mac, I'm a pc' ads. Fool's Gold.
Nightmare @ Aug 28th 2008 6:32PM
For some odd reason, I vaguely remember a company losing money hand-over-fist and another company bailing them out. If you didn't know which two companies they were... in the commercial mac should be a bum, and pc should be shown helping the real moron out of his ditch. you are absolutely correct. apple was losing money and life fast and microsoft paid to keep them alive
phanbouy @ Aug 28th 2008 6:45PM
oh come "clak" this post isnt even about macs. ok, i'm betting that's a fake clak; it says he's only left 46 comments, and we've all seen single posts where he's had practically that many.
so; real fanboy or bored hater stirring up shit? either way i just fed the troll and must now self-flagellate.
Zak @ Aug 28th 2008 7:02PM
Correction: It wasn't about Macs until melo brought up the Mac vs. PC ads. Those ads have nothing to do with the iPhone. As far as the iPhone being an abysmal failure (yes, it's spelled "abysmal"), the sales numbers would beg to differ. I mean you're talking about "the rest of it" - does that include the iPod part? The apps? Notes? Calendar? Google maps? Youtube? The phone? I mean all those things work fine for me, so I can't really agree that the entire thing is botched. You sound hyper-reactive and you're exaggerating, just like a fanboy or an Apple hater.
Mike10010100 @ Aug 28th 2008 7:24PM
Zak? Saying that someone ELSE is hyper reactive and defensive? Wow. Take a good look at some of your previous posts. You start by asking rhetorical questions. Then you berate the commenter on his choice of words. Then you insult them.
Then there's the "sales numbers don't lie" crap. Let's take that and apply it elsewhere in history. Beware: I'm about to fulfill Godwin's Law.
When Hitler came to power in Germany, he advocated many different social and economic changes that the people of Germany wanted. People were mesmerized at how well-spoken and confident he was. People liked, nay, loved him. That doesn't mean that he didn't commit horrible crimes against humanity.
Go away. The worst part about people like you and clak is that there is no way to appease you. If we disagree, you just keep coming back. Say it once and stay away.
simon @ Aug 28th 2008 7:39PM
@Zak
"As far as the iPhone being an abysmal failure (yes, it's spelled "abysmal"), the sales numbers would beg to differ."
By that logic I am sure you agree that Vista is a resounding success and OSX is a relative failure
Zak @ Aug 28th 2008 7:42PM
Mike: Godwin's Law? Really? That's just sad, and also completely irrelevant. As far as the sales numbers, let's see if you can follow along: There have been almost 10 million iPhones sold now, which indicates some level of popularity. They continue to sell at a very high rate, yet melo used these terms to describe it: "Abysmal failure", "debacle of a product" - and you don't see the conflict between what melo said and reality?
Yoou gonna tell me you don't think melo is exaggerating either? And of course you can appease me. The instant you stop saying stupid unsubstantiated shit, I am appeased. It's actually pretty easy. Well, easy for normal people maybe. Apple haters are a "special" breed.