Apple Fanboy Saves iPhone

Thursday, October 2, 2008

Corridor Business Journal
Reporter: Gigi Wood
gigi@corridorbiznews.com

A University of Iowa student outwitted a smartphone.

Matt Yohe, a computer and electrical engineering major, was recently credited with discovering a major security flaw on the Apple iPhone.

“It’s really a simple flaw,” he said. “The actual issue evolves around, when you’re using the phone and if you have a passcode lock on it, you were able to get around it without having to put in any kind of key.”

Instead of entering a password to unlock the phone, users could bypass the lock by accessing the emergency contact feature on the iPhone.

“Because the iPhone is a totally integrated device with e-mail and SMS and browsing and everything else, from there it opened up any other application that you would want to access information from,” Mr. Yohe said.

He discovered the problem when he was learning how the newest generation of iPhone operating system software works on his phone.

“I just happened to be messing around and I just kind of stumbled on and discovered this,” he said.

The 25-year-old Mr. Yohe e-mailed the Apple security department Aug. 8, informing them of the glitch. Apple has fixed the flaw and credited him with the discovery.

“I got a response back, ‘Thanks for telling us this and we would like to credit you for this,’” he said.

Later in the month a hacker discovered the glitch and posted it online, informing people on how to take advantage of the flaw. That prompted Apple to go public with the flaw. A patch to fix it was issued Sept. 9.

“(The hacker) ended up publishing a walkthrough and a video on a very popular technology blog, so that was basically the Apple news for that day or that week,” he said.

Once the information was posted, it was big news in the Apple world. Mr. Yohe is a registered user of Macrumors.com, a site that attracts 4.4 million people and 40 million page views a month, according to Quantcast. The site offers insider news, blogs and forums about Apple products.

“There’s quite an Apple fanboy following and admittedly I’m one of them, too, but I was pretty surprised when I saw it had gone public at that point,” said Mr. Yohe, who bought his iPhone the first day they became available last year and attended MacWorld San Francisco 2008, where the MacBook Air laptop was unveiled.

Mr. Yohe said response to the security flaw was overblown, because while personal information could be accessed from a physical iPhone, hackers could not retrieve the information remotely.

In Apple circles, the hacker received celebrity status, but few know of Mr. Yohe, he said.

“I’m considered the ‘white-hat’ of this issue, where ‘black-hat’ is usually connected with someone using information maliciously,” he said. “No one really reads the security footnotes except for me and people with a passion for this. The average person would never run across this.” CBJ