Earlier this week Canadian tech writer and consultant Ade Barkah stumbled upon a shocking security loophole present in the iOS 5.0.1, Apple’s latest operating system. According to Barkah this security breach let’s complete strangers probe into your iPhone’s contact list and make Facetime calls even if the phone is enabled with highest security settings such as immediate pass code and voice dial being turned off.
In simple words if you have a pass code enabled lock screen and voice control turned off, one can still access voice control through the emergency screen and establish Facetime calls or acquire contact information. Barkah found out that from the emergency screen, one can keep guessing a first name that could be present in the contact list. Once you have a match you can establish Facetime calls to that contact. The fact that actual voice calls cannot be established through this bug saves apple from further embarrassment but one can still see the contact details which makes it a point of major concern for many users.
The bug doesn’t come in handy with an iPhone 3GS as it does not support Facetime calls due to a lacking front camera. On an iPhone 4S voice control can only be enabled if Siri is turned off, which is a default setting.
There are still a few obstacles one must overcome to completely exploit this security loophole. First of all, one has to guess the names to discover a contact. Secondly the phone should remain within the reach of a recognized wifi connection for Facetime to work which makes the bug less exploitable in the case your phone gets stolen or lost.
Apple is yet to comment about this security loophole and there is no clue if Apple fixes it in its upcoming iOS 5.1 update.