Updated: Serious security hole in iOS 5.1? Perhaps not..

iPhoneIMPORTANT UPDATE:

It looks like I got this wrong.

My own testing produced the same results as in 9to5Mac’s original report. It seems that both their reporter and myself must have unlocked our iPhones within the prescribed amount of time in the “require Passcode” time settings.

Sorry :(

Sign up to our free newsletter.
Security news, advice, and tips.

Graham “red-faced” Cluley.

PS. For completeness, and to compound my earlier embarrassment, here’s the article I published initially..

Apple announced the “new iPad” to an expectant world yesterday and at the same time released a new version of its iOS 5.1 operating system for existing iPhone, iPod Touch and iPad users.

If you’re about to install iOS 5.1, my advice right now would be to be very careful. As there is a serious security hole.

As 9to5Mac reports, it is child’s play for anyone to gain full access to your Apple device running iOS 5.1, even if you believe you have locked it.

I hope you don’t have anything you wanted to keep private on your Apple iPhone or iPad, because if you leave it lying around – someone might be able to spy upon what you’ve been up to.

I just tried it for myself on an iPhone 4, and was able to gain complete access to a supposedly locked device without having to enter a pass code.

Here’s how it works.

  • From your iPhone’s lock screen, open the camera app from the new “slider” that iOS 5.1 has introduced.
  • Now, click on the gallery icon in the bottom left hand corner (you normally use this in the photo app to view past pictures you have taken).
  • Click the Home button, and you’ll be returned to your main screen and have access to all of the apps and settings. Ouch.

How to unlock an iPhone

Blogger James Woods believes the problem only occurs for those who had a pass code enabled at the time that they updated their iPhone or iPad to iOS 5.1, and that if you turn off your pass code and then turn it back on again, you will be properly secured.

In my tests this proved to be the case, but it shouldn’t be necessary for people who had already applied decent security on their iPhone/iPad to then have to do it again because an update from Apple undid the security steps they had previously taken.

Apple should fix this security hole, before users who believe they are properly protected have their iPhones and iPads snooped upon.

Presumably this flaw is not present in Apple gadgets which do not have a camera, such as the original first generation iPad.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.