Just a brief post this morning; I have just read that somebody has stumbled upon a security flaw in iOS 4 which allows somebody to access the contacts of a LOCKED iPhone. Not only is it possible to access the contacts, but it is possible to place a call, send an email, or send an SMS. It also appears possible to create, edit and delete contacts. Clearly the whole point of the lock screen is to prevent access to your phone should anybody else pick it up, or find it. It is specifically access to phone numbers and contact details that is supposed to be blocked so this is a pretty major issue. I’m sure Apple with be getting a fix out very soon for this.
As any new update will not initially be jail-breakable, it leaves many of us in a difficult position; if we update to fix a hole that the entire world will know about sometime time today, then we lose our Jailbreaks and unlocks, yet if we choose not to update then everybody in the world will try and mess with our phones! I expect the jailbreak community will come to the rescue on this one and release an unofficial patch via Cydia to allow us to remain on 4.1 whilst protecting against this flaw.
from the iPhone download blog website: On a password protected iPhone, tap the “Emergency Call” button then enter ###. Tap the Call button and immediately hit the Lock button. It will open your iPhone Contacts app from which you’ll be able to browse, edit, email, any contact.