Yet another iPhone Emergency Call Security Bug
My twelve-year-old son brought to my attention a security bug he discovered on his iPhone. He has an even more paranoid security mind than I do, because he primarily uses his iPhone to send and receive sweet nothings between himself and his girlfriend, and he is certain that his mother and I are desperate to intercept these messages.
Being security conscious, he turned on the passcode lock and disabled SMS Preview.
This screenshot shows the SMS preview disabled:
This enables a mandatory passcode. If a message is received during the passcode entry or while the screen is locked, a generic message of “New Text Message” appears, to prevent viewing of messages without unlocking the phone:
If, however, the phone is placed in emergency call mode, any incoming SMS messages are previewed instead of being presented as the generic message. Thus all I need to do to intercept the messages from his girlfriend is to place the phone in emergency mode and wait 30 seconds for the next sickly sweet message.
This was in iPhone version 2.1 (5F136), the currently shipping version. Since I have no access to betas of non-released firmware, I can’t test to see if it has been fixed since then. For those who care, this is bug 6267416. I don’t have much hope for it being fixed soon, because my security bug 5368148 from July of 2007 is still marked as open, and still unfixed in 10.5.5.



