Security flaw identified on iPhone

8 Sep 2008

A new security flaw has been discovered that lets unauthorised iPhone users access private information – even on a locked device, it has emerged.

According to Gartner security experts, John Girard and Ken Dulaney, iPhone users should remove ‘favourites’ from their devices and not create any more entries until the flaw is fixed.

The flaw can enable unauthorised users to gain access to private contacts and emails, even when the device is locked.

Apple is understood to be working to resolve the problem.

After trying several suggested interim fixes, including reconfiguring double-click ‘home’ button settings to something other than favourites, Gartner recommends pointing the setting at the ‘home’ screen, which remains locked so that the action returns the user to the emergency call window without exposing any iPhone applications.

Gartner is not aware of any method of enforcing this change, said Girard. “The iPhone does not permit, through its own utilities or through third parties, a forced download and activation of the temporary fix, or a report of whether this fix has been implemented by the user manually.

“This places IT managers in a difficult position regarding maintaining a security posture for the iPhone until Apple releases a fix,” he said.

Apple told the press that it has a fix and announced a target date of September for its availability.

“Since the iPhone is still a newcomer to the enterprise environment, such discoveries are to be expected; more are likely to arise. As with any product relatively new to a market, users should exercise a reasonable amount of prudence and restraint in adoption as the industry, the vendor and enterprises develop expertise in deploying the product,” Girard said.

By John Kennedy

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years