The iPhone is one curious beast. Since I first started showing affection to mine in public, I am happy to report that I have never run into an embarrassing moment: it has always behaved properly, performing as expected and wooing audiences with its cute grin, boyish attitude and tactile features.
That is until today. You see, like probably most iPhone users – at least I hope –, I have set my phone to ask for a PIN upon waking up. While I am not too confident in the overall security of the thing, this would probably give me time, should we ever be separated against our will, to change the passwords of my email account and notify good old Orange to lock my SIM card.
At the bottom of the numeric pad is a very tempting button allowing users in a rush to notify emergency services. In Europe, that usually means that you can dial 112 to summon an ambulance. French phones will usually allow you to call 18 for the firemen and 17 for the police, too. Generous phones and operators may even try to re-route 911 although I have never tried that one – and I do not think they are under any obligation to do so anyway.
The iPhone, however, has a different take on it. This "Emergency call" button allows for any call to be placed so as long as the SIM card is unlocked. I have obviously not tried to place an emergency call with the SIM card locked but I assume the network would let it go through.
The result? Unless your iPhone just happens to wake up from a complete shutdown, in which case the SIM card will be unlocked, it will allow any call to be placed without authentication. At least my iPhone will, and so do the other iPhones I have toyed with.
Is this a security issue? Not really. I do not believe nuclear missiles are launched on the basis of caller ID alone and the phone luckily does not attempt to look up names from the Address Book in "emergency" mode so I would call it a mere oversight. [Update: It does, however, pull the label associated with the number in the Address Book, such as "home," which is a way to confirm that a number is indeed stored within the phone's memory.]
Still, that is a rather interesting oversight. I wonder to which extent this was done on purpose as a disguised "quick call" mode, as a convenience based on the fact different markets have different sets of emergency numbers or is simply the result of a QA glitch.
Most phones only ask for a code from a cold boot. The iPhone never really "boots up" but rather "wakes up" – unless it is expressly told to shut down but that is a very rare occurrence. The question, then, is what set of restrictions should be placed on the user before he authenticates but while the SIM card in the phone is unlocked. Phones have been traditionally very lax in that regard, assuming the user would shut them down if need be. The iPhone is on its way to store a lot more information than its cousins and encourages the user to seldom shut it down.
Not a problem per se, of course, but a new situation we ought to think about.
Categories
Mac
Read More Entries by FJ de Kermadec.
Become an O'Reilly Member
Visit the Digital Media Forums
Subscribe to the Digital Media Blog Feed
Subscribe to the Digital Media Newsletter
Jamie,
There is a way to know whether a phone number is on the device, which is a bit of a privacy leak. This said, I agree it is very minor and not much on an issue in practice.
I also agree with you on the potential benefits of an open "Emergency" feature and the examples you quote are definitely very strong. Your idea of allowing users to designate numbers in addition to a standard list of emergency codes would seem to me like the best option. A toggle in the Address Book could work very neatly.
I can see a benefit, actually- roadside assistance, phone-home, phone-a-friend, reverse charges, operator, someone else phoning a number that I'm speaking but unable to operate the phone... all things that I might want to do in an emergency situation that aren't actually the emergency services.
That said, I don't think that this is the real reason for the bug/feature/oversight, and it's not going to be that useful unless everyone knows about it. At which point, the security-through-obscurity of the feature is lost. And, as far as we know so far, this isn't a vector for getting at my data on the device- just using the device for phone-calls.
Maybe there should be a user-definable list of emergency numbers and contacts in addition to the standard emergency services numbers for each territory (a bit like the ICE system that some people use) that's accessible directly even when the phone is locked.
I believe this is true indeed, Andrew. What I am worried about here is not the phone's ability to place emergency calls, which is a very good thing like you point out, but the fact it does not seem to distinguish between emergency numbers and just any good old number there is, making a stolen iPhone seemingly perfectly usable for non-emergency purposes. There is also a minor but real privacy leak associated with this function, which is certainly not horrendous but unwelcome.
I may be wrong, but I think in Europe, a mobile phone has to be usable as a device to make an emergency call without having anything but the phone itself. That is you could go and buy a phone without any sim card turn it on and make an emergency call to 112.
I think that this is actually a good feature, so Apple may simply be following the rules.
Andrew