A passcode bypass vulnerability has been discovered in iOS 12 that potentially allows an attacker to access photos and contact details on a locked iPhone.

The rather convoluted bypass method was shared in a video by Jose Rodriguez, who has discovered iOS bugs in the past that Apple has subsequently fixed.

iphone bypass lock screen
With physical access to the locked device, the attacker first asks Siri to activate VoiceOver, sleeps the device with the Side button, and then calls the iPhone using another device. Once the call screen shows up, the attacker taps the Message button, opts to create a custom message, and then taps the plus (+) icon in the top right.

Next, on the other phone, the attacker sends a text or iMessage to the target iPhone, whose screen is then double-tapped when the message notification appears. This causes an odd behavior in the UI, since it highlights the plus icon underneath.

After a short wait, the screen goes white and the notification disappears, but the VoiceOver's text selection box is apparently still tappable and can now be used to access the Messages interface. Following multiple screen swipes, the VoiceOver is heard to say "Cancel," which reveals the original Messages screen.


Adding a new recipient to the message and selecting a numeral from the virtual keyboard then reveals a list of recently dialed or received phone numbers and contacts. Further, if one of the numbers or contacts includes an info ("i") button, disabling VoiceOver and tapping the button shows the contact's information. Performing a 3D Touch action on the contact also brings up call and message options, along with options to Add to Existing Contact or Create New Contact.

In a similarly complicated set of steps involving an invisible user menu, an attacker can eventually access a locked iPhone's Camera Roll and other photo folders, which can then be used to add profile pictures to contact cards.

The bypass methods work on all iPhones including the iPhone XS lineup, but Apple doesn't appear to have fixed the vulnerabilities in the latest iOS 12.1 beta. Thankfully however, all of the above can be easily prevented by disabling access to Siri from the lock screen.

Concerned users can do so by navigating to Settings > Face ID & Passcode (that's Settings > Touch ID & Passcode on iPhones with Touch ID) and disabling the Siri toggle under the "Allow access when locked" menu.

Top Rated Comments

SBlue1 Avatar
33 months ago
How do they find out something like this?? :)
Score: 40 Votes (Like | Disagree)
MrGimper Avatar
33 months ago
Youtuber EverythingApplePro reported that it was found by a taxi driver who tries to discover bugs like this on his iPhone while waiting for passengers.
He's also famous for being the taxi driver who has one customer every 10 years.
Score: 24 Votes (Like | Disagree)
Scottsoapbox Avatar
33 months ago
Hats off to hackers and security people that have much more patient for minutiae than me.
Score: 13 Votes (Like | Disagree)
davidg4781 Avatar
33 months ago
Why in the world do people have Siri enabled on the lock screen in the first place? The only thing worse would be the truly clueless who enable control center on the lock screen.
So when I’m cooking, I can just yell “Hey Siri, set a timer for 2 and one-half minutes!” and not be bothered by picking it up.

Or when I’m driving, just say “Hey Siri, tell dad I’ll be there in five minutes.” Since Apple doesn’t feel it can leave iPhone on while plugged in listening to music.

Now, serious question, what’s wrong with Control Center being enabled on lock screen?
Score: 12 Votes (Like | Disagree)
BaccaBossMC Avatar
33 months ago
How do they find out something like this?? :)
Surely this must have been discovered in some reverse-engineering of iOS. How else would you ever find this.
Youtuber EverythingApplePro reported that it was found by a taxi driver who tries to discover bugs like this on his iPhone while waiting for passengers.
Score: 12 Votes (Like | Disagree)
KrispE00 Avatar
33 months ago
Up, up, down, down, left, right, A, B, A makes the headphone jack reappear.
Score: 9 Votes (Like | Disagree)

Top Stories

samsung experience 1

Samsung's 'iTest' Lets You Try a Galaxy Device on Your iPhone

Thursday April 8, 2021 12:42 pm PDT by
Samsung has launched "iTest," an interactive website experience that's designed to allow iPhone users to test out Android on a Galaxy device, or "sample the other side," as Samsung puts it. Subscribe to the MacRumors YouTube channel for more videos. The iTest website is being advertised in New Zealand, according to a MacRumors reader who came across the feature. Visiting the iTest website on...
sonny 2021 ipad mini pro dummies

Leaked Dummy Units Show iPad Mini 6 With Thick Bezels and Home Button, New iPad Pro Models

Thursday April 8, 2021 2:11 am PDT by
Rumors suggest Apple will release refreshed versions of the iPad mini and iPad Pro models in the first half of this year, potentially as soon as this month, and a new leak today has provided us with a possible preview of what to expect in terms of the devices' overall design and camera prospects. Tech leaker and Apple blogger Sonny Dickson this morning shared images on Twitter showing dummy ...
apple music for artists new icon

Apple's Revamped Apple Music for Artists Icon Leads to Speculation About iOS 15 Design Plans

Tuesday April 6, 2021 1:03 pm PDT by
Apple yesterday updated its Apple Music for Artists app with some minor bug fixes and improvements, but also one other notable change -- a new icon. New icon on the right The Apple Music for Artists app now features a simpler, streamlined icon with a pinkish red music logo rather than the multicolored logo that was used before. The icon also has an embossed look that makes it stand out from...
apple find my network

Apple Announces Find My Network With Support for Third-Party Devices

Wednesday April 7, 2021 10:06 am PDT by
Apple today announced the launch of its Find My network accessory program, which is designed to allow third-party Bluetooth devices to be tracked in the Find My app right alongside your Apple devices. According to Apple, the first accessory companies to take advantage of the new Find My integration include Belkin, Chipolo, and VanMoof, with devices set to be available beginning next week. ...
new m1 chip

M1 Mac RAM and SSD Upgrades Found to Be Possible After Purchase

Tuesday April 6, 2021 5:34 am PDT by
Technicians in China have reportedly succeeded in upgrading the memory and storage of the M1 chip, suggesting that Apple's integrated custom silicon for the Mac may be more flexible than previously thought. Reports of maintenance technicians being able to expand the memory and storage of M1 Macs began circulating on Chinese social media over the weekend, but now international reports have...
Intel MBP Is Thin and Lighjt

Intel Ad for 'World's Best Processor' Features a MacBook Pro

Wednesday April 7, 2021 9:51 am PDT by
Intel has been on a relentless marketing drive against Mac computers in recent weeks, positioning them as inferior to Windows laptops powered by Intel processors. In a slight slip-up, however, Intel has accidentally used a MacBook instead of a Windows laptop in one of its newest ads to promote one of its new 11th-generation chips as "the world's best processor." The ad appeared on Reddit and ...
tmobile 5g modem

T-Mobile Launches Unlimited 5G Home Internet for $60/Month

Wednesday April 7, 2021 2:18 pm PDT by
T-Mobile today hosted an Un-carrier event where the company announced the launch of a a new 5G home internet plan, which is priced at $60 per month and offers unlimited data. The service is available to more than 30 million Americans across much of the United States, including 10 million households in rural areas not typically able to access reliable broadband. Connectivity will be either 4G ...
iMessage Android featured

Apple's Rationale for Not Bringing iMessage to Android Revealed in Legal Documents

Friday April 9, 2021 2:22 am PDT by
It's no secret that Apple sees iMessage as a big enough selling point to keep the service exclusive to Apple devices, however new court filings submitted by Epic Games in its ongoing lawsuit with the company reveal just how Apple executives have rationalized their decision not to develop a version of iMessage for Android. Apple clearly recognizes the power that iMessage has to keep users...
14

Apple Seeds Seventh Betas of iOS 14.5 and iPadOS 14.5 to Developers [Update: Public Beta Available]

Wednesday April 7, 2021 10:04 am PDT by
Apple today seeded the seventh betas of upcoming iOS 14.5 and iPadOS 14.5 updates to developers for testing purposes, with the new beta updates coming one week after Apple released the sixth iOS and iPadOS 14.5 betas. iOS and iPadOS 14.5 can be downloaded through the Apple Developer Center or over the air after the proper profile has been installed on an iPhone or iPad. iOS 14.5 is the...
ipad pro and macbook pro

iPad and MacBook Production Reportedly Delayed Due to Global Chip Shortage

Thursday April 8, 2021 2:31 am PDT by
Apple is facing a global shortage of certain components for some of its MacBook and iPad models, causing the Cupertino tech giant and its suppliers to postpone production of the products, according to a new report from Nikkei Asia. According to the report, MacBook production is being hindered due to the shortage of chips mounted onto the circuit board before final assembly, which is a key...