FaceTime Bug Lets Locked iPhones Make Video Calls
Two iPhones communicating via FaceTime.
CREDIT: Apple, Inc.
An iPhone bug enables people to make FaceTime video calls on phones that are locked with a password and protected with the highest security settings, a researcher discovered.
The flaw, which exists in the newest version of Apple's iOS 5.0.1 smartphone software, can be exploited even if the iPhone owner has voice dialing turned off and the device is set to require a passcode, according to Ade Barkah. He explained the vulnerability in a blog post he entitled "More fun with a locked iPhone 4."
Barkah is familiar with toying with the iPhone and exposing its weaknesses. Last month, he demonstrated how setting the iPhone's clock back could expose all the photos stored on the phone, even if the phone had been locked.
In this week's proof-of-concept iPhone hack, Barkah first disabled voice calling, but found that the iPhone — he tested the exploit on an iPhone 4 — keeps Voice Control enabled.
"Can we trick this restricted Voice Control to leak some private info, and perhaps trick it to make calls for us? (Yes, we can!)," Barkah wrote.
Barkah instructed his phone to place a call, which, because voice dialing was disabled, it did not do. He then slid the unlock bar, and instead of entering the passcode to unlock the phone, hit the "Emergency Call" button, which brought up a screen that accepted his voice request to place a call.
The voice call didn't actually go through, but when Barkah attempted to initiate a FaceTime call, the phone, to his surprise, complied.
"During testing, the FaceTime calls from my locked iPhone successfully connected and I was able to see + converse with the other party," he wrote. "Yikes! Not what I'd expect from my locked iPhone!"
Cnet tested Barkah's loophole and found it works on the iPhone 4S and the iPhone 3GS when both are connected to a Wi-Fi network. The flaw isn't as troubling on the latter device because it doesn't have FaceTime, but even if a phone does not have FaceTime installed, Barkah said the hack could be performed to view a target's full contact name and the photos attached to his contacts.
Apple did not immediately respond to SecurityNewsDaily's request for comment.