According to report, it looks like there’s another iPhone.app defense gap. Here, in iOS 4.1 that allows someone to get around a passcode locked iPhone, gain access to the owner’s contact list, manufacture calls and send emails to anyone in said contact list. From MacStories:
“To reproduce the bug, invent certain to have a passcode lock turned on and lock your device. In the lockscreen, tap on Emergency signal in the lower left corner. Now type a non-existent emergency number, I tried #946494. Start the signal, and as soon as the red button seem hit the sleep button. You’ll be brought to the contact list.”
The issue will most-likely get patched by Apple in the 4.2 update coming later that month, but it’s not the first day the emergency shout screen has been exploited. Both iOS 2.1 and iOS 2.0.2 suffered from passcode lock bugs. Hopefully Apple pays additional attention and really secures Phone.app that day.