That's not a bug, it's a feature
Little features like this will continue to popup to break those 'Dont upgrade because it will break your jailbrake' warnings.
A recently discovered bug in Apple's iOS 4.1 allows users to make iPhone calls without first entering a passcode. The bug means there is no way to prevent unauthorized people from using the devices in the event they're lost or stolen. All that's required to unlock a phone is to press the Emergency Call button, enter a non- …
It actually works! It's just the same as it was with the iPhone 3G. It lets you into the phone function but doesn't let you go anywhere else. It's as if they've pulled up an old piece of code and put it into iOS4. To add insult to injury, if you press the home screen and the lock/power button at the same time whilst it is in this state, it will take a 'picture', which actually turns out to be a screen shot of the screen you're currently looking at! the only way to get out of it and see the screenshot is to switch off, back on, and look at it in photos. Strange. Very strange.
TRWTF is detailing in the article how to do it.
TORWTF is "OK so they can get into my contacts, and make bespoke calls, but that's all they can do"
You can do harm like that, making heavy breathing phone calls to "Boss" or "Work".
It's stuff that can be explained away, but it will irritate "Boss" or "Work" for a while, which is not condusive to the phone owner's wellbeing at work
TOORWTF is that the iPhone is infallible etc
Bypassing security? There's an application for such things.
You can do more than phonecalls.
Go into the contacts, and you can send an email by sharing a contact. You can send an MMS the same way. Once in the MMS app, click the camera and you can view all the photos on the phone, or use the camera.
You can edit contacts, change ringtones.
You can access the paste buffer and see what the last copy/cut/paste was.
You can enter the user's voicemail (if they've saved their password). From there, listen to their messages, change their password, etc.
Of course, you can view all the contacts, edit them, delete, add, and view recent calls.
Pretty heavy-duty flaw if you ask me.
By FCC rule (and the same organization in many other nations), ALL phones must be capable of dialing an emergency number even from a locked state. Since 911 is not universal (not even across the entire USA let alone internationally), the ability to enter an alternate emergency number in emergency call mode, including that some 911 dispatches you might get connected to based on the home location of the phone may not be able to forward you to a LOCAL 911 branch when traveling, (or even just because your tower is across a county line) but can give you a direct number to dial instead. I've had this happen a few times.
The only bug is from this screen you can get to contacts. That is an easy bug to fix (its been fixed already in a prev version). Unfortunate it came up again, but it took more than a month to find, and is only a security risk if someone you don't trust is in possession of a phone you don't know you have lost yet. This bug should be fixed inside 24 hours.
iPhone 4 running iOS 4.1 (8B117). Can't seem to get into anything else but the phone app though.
That's not very good considering there was a similar vulnerability before now.
Probably wouldn't be too much of an issue if your phone was in the UK when lost. One call to the phone company and they can disable it pretty quickly. Can take longer if you are roaming abroad though.
I suspect an update will be quickly released to fix this.
I used to have a HTC Magic running Android 1.5 which had a much worse "bug" than this, yet it was never mentioned.
If you have an "unlock pattern" (similar to a pass code but you connect dots on the screen in a defined order instead of typing in numbers) - if you draw it incorrectly 3 times, it asks you for your Gmail details. Whatever details you put in (even correct - I logged in to Gmail on another phone to double-check) it renders the phone useless. You have to restore to factory settings, losing everything.
As of Android 2.0 (2 major versions forward) Google still hadn't even acknowledged the problem.
My point - all phones, and all OSs have bugs. You only hear about those in the iPhone because they're so popular. Don't refuse to buy an iPhone because of one minor bug.
The iPhone bug is actually significantly worse.
The iPhone fails in allowing access to information and features without authorization.
The HTC Magic in your case fails in not allowing access to information, even with authorization.
From a security standpoint, the second failure is actually more desirable because it protects the data.
If I had to make my purchasing decision based solely on those two "features", I'd pick the Magic. But I don't.
your leader Jobs thinks the sun shines out his a*se and he can walk on water.
If Jobs wasn't such a supercilious phallic symbol and admitted that he and Apple actually made mistakes - like the yet unfixed Grip of Death, exploding batteries, etc. - we would cut him some slack.
As it is he is just making himself a target.