A passcode bypass vulnerability has been discovered in iOS 12 that potentially allows an attacker to access photos and contact details on a locked iPhone.
The rather convoluted bypass method was shared in a video by Jose Rodriguez, who has discovered iOS bugs in the past that Apple has subsequently fixed.
With physical access to the locked device, the attacker first asks Siri to activate VoiceOver, sleeps the device with the Side button, and then calls the iPhone using another device. Once the call screen shows up, the attacker taps the Message button, opts to create a custom message, and then taps the plus (+) icon in the top right.
Next, on the other phone, the attacker sends a text or iMessage to the target iPhone, whose screen is then double-tapped when the message notification appears. This causes an odd behavior in the UI, since it highlights the plus icon underneath.
After a short wait, the screen goes white and the notification disappears, but the VoiceOver's text selection box is apparently still tappable and can now be used to access the Messages interface. Following multiple screen swipes, the VoiceOver is heard to say "Cancel," which reveals the original Messages screen.
Adding a new recipient to the message and selecting a numeral from the virtual keyboard then reveals a list of recently dialed or received phone numbers and contacts. Further, if one of the numbers or contacts includes an info ("i") button, disabling VoiceOver and tapping the button shows the contact's information. Performing a 3D Touch action on the contact also brings up call and message options, along with options to Add to Existing Contact or Create New Contact.
In a similarly complicated set of steps involving an invisible user menu, an attacker can eventually access a locked iPhone's Camera Roll and other photo folders, which can then be used to add profile pictures to contact cards.
The bypass methods work on all iPhones including the iPhone XS lineup, but Apple doesn't appear to have fixed the vulnerabilities in the latest iOS 12.1 beta. Thankfully however, all of the above can be easily prevented by disabling access to Siri from the lock screen.
Concerned users can do so by navigating to Settings > Face ID & Passcode (that's Settings > Touch ID & Passcode on iPhones with Touch ID) and disabling the Siri toggle under the "Allow access when locked" menu.
The rather convoluted bypass method was shared in a video by Jose Rodriguez, who has discovered iOS bugs in the past that Apple has subsequently fixed.
With physical access to the locked device, the attacker first asks Siri to activate VoiceOver, sleeps the device with the Side button, and then calls the iPhone using another device. Once the call screen shows up, the attacker taps the Message button, opts to create a custom message, and then taps the plus (+) icon in the top right.
Next, on the other phone, the attacker sends a text or iMessage to the target iPhone, whose screen is then double-tapped when the message notification appears. This causes an odd behavior in the UI, since it highlights the plus icon underneath.
After a short wait, the screen goes white and the notification disappears, but the VoiceOver's text selection box is apparently still tappable and can now be used to access the Messages interface. Following multiple screen swipes, the VoiceOver is heard to say "Cancel," which reveals the original Messages screen.
Adding a new recipient to the message and selecting a numeral from the virtual keyboard then reveals a list of recently dialed or received phone numbers and contacts. Further, if one of the numbers or contacts includes an info ("i") button, disabling VoiceOver and tapping the button shows the contact's information. Performing a 3D Touch action on the contact also brings up call and message options, along with options to Add to Existing Contact or Create New Contact.
In a similarly complicated set of steps involving an invisible user menu, an attacker can eventually access a locked iPhone's Camera Roll and other photo folders, which can then be used to add profile pictures to contact cards.
The bypass methods work on all iPhones including the iPhone XS lineup, but Apple doesn't appear to have fixed the vulnerabilities in the latest iOS 12.1 beta. Thankfully however, all of the above can be easily prevented by disabling access to Siri from the lock screen.
Concerned users can do so by navigating to Settings > Face ID & Passcode (that's Settings > Touch ID & Passcode on iPhones with Touch ID) and disabling the Siri toggle under the "Allow access when locked" menu.
Tag: security
68 comments
Dutch brand ZENS today unveiled a wireless charging mat with 16 overlapping coils, allowing two devices to be charged anywhere on the mat.
The ZENS Liberty will be able to charge any...
Update: On schedule, the HomePod has now launched in Japan and Taiwan.
Original story follows.
Apple's HomePod is set to launch in Japan and Taiwan next week, on Friday, August 23,...
Ahead of the launch of iOS 13, iPadOS, and macOS Catalina, Apple has updated its iCloud.com beta site with a fresh look and a new Reminders app (via Federico Vittici).
The beta version of...
Bose today announced the launch of a new speaker, the Bose Portable Home Speaker, which is designed to work with Apple's AirPlay 2 protocol.
The Bluetooth-enabled Portable Home Speaker is...
A report yesterday from The Chicago Tribune suggested Apple's iPhones were emitting radiofrequency radiation beyond federal safety limits following independent lab testing, and now, a law firm is...
Google today announced its next major version of Android will be named Android 10, as the company has decided to move past dessert-inspired names for the operating system like Ice Cream Sandwich,...
Bloomberg's Mark Gurman and Debby Wu have shared expectations for Apple's fall product lineup and beyond, revealing new details plus existing rumors about upcoming iPhone, iPad, Apple Watch,...
Apple this morning started accepting pre-orders for its Powerbeats Pro wireless headphones in Ivory, Moss, and Navy on its online Apple Store.
Apple is currently quoting shipping times of 5...
