During the keynote at the SANS Mobile Device Security Summit here in Nashville this morning Rafal Los (aka: Wh1t3Rabbit) talked about a new passcode bypass vulnerability going around in the latest version of iOS (5.1). Basically how it’s supposed to work is by opening up the camera on the lock screen you go to the photo gallery, press the home button and it takes you to the home screen bypassing the passcode. I tried this and it didn’t work on my iPhone. I was quickly prompted for my passcode.
I did some research and found this blog post which says this is simply a configuration issue with the passcode settings. Check your setting for “Require Passcode” (under the Passcode Lock screen) and make sure it’s set to “Immediately”. If it’s set to 1 minute or more, you really haven’t locked your device. You’ve just been shutting off the screen. See the screen shot below for the passcode setting you should be using.