If you've got a passcode entry set on your iPhone, you might think it could block nefarious or mischievous people from accessing any part of your iPhone. Not so. We've been made aware of a security flaw in iOS 4.1 that allows users to bypass the passcode entry screen and gain direct access to the iPhone's Phone app. It's not just hype either: this is easier to pull off than the Konami code.
How it works: when the passcode entry screen comes up, tap "Emergency Call." Input any number you like, then tap "Call" and click the iPhone's sleep switch in quick succession (to get this to work, I had to perform the two actions almost simultaneously). If you've done the "trick" properly, you should now have full access to the iPhone's Phone app, including contacts, keypad, and calling history. What's more: tapping "Share Contact" and the camera icon will give you access to the Photos app. That's the extent of your access -- hitting the home button doesn't do anything at all -- but it's bad enough.
According to Daring Fireball's John Gruber, this bug isn't reproducible on the latest iOS 4.2 beta, so it's possible Apple was already aware of the security bug and has fixed it in 4.2. Until 4.2 is released, the best thing you can do is take our own Dave Caolo's advice: physical access is total access, so the first and most vital step to making sure people can't access your sensitive information is making sure they can't access your iPhone at all.