A passcode bypass vulnerability has been discovered in iOS 12 that potentially allows an attacker to access photos and contact details on a locked iPhone.
The rather convoluted bypass method was shared in a video by Jose Rodriguez, who has discovered iOS bugs in the past that Apple has subsequently fixed.
With physical access to the locked device, the attacker first asks Siri to activate VoiceOver, sleeps the device with the Side button, and then calls the iPhone using another device. Once the call screen shows up, the attacker taps the Message button, opts to create a custom message, and then taps the plus (+) icon in the top right.
Next, on the other phone, the attacker sends a text or iMessage to the target iPhone, whose screen is then double-tapped when the message notification appears. This causes an odd behavior in the UI, since it highlights the plus icon underneath.
After a short wait, the screen goes white and the notification disappears, but the VoiceOver's text selection box is apparently still tappable and can now be used to access the Messages interface. Following multiple screen swipes, the VoiceOver is heard to say "Cancel," which reveals the original Messages screen.
Adding a new recipient to the message and selecting a numeral from the virtual keyboard then reveals a list of recently dialed or received phone numbers and contacts. Further, if one of the numbers or contacts includes an info ("i") button, disabling VoiceOver and tapping the button shows the contact's information. Performing a 3D Touch action on the contact also brings up call and message options, along with options to Add to Existing Contact or Create New Contact.
In a similarly complicated set of steps involving an invisible user menu, an attacker can eventually access a locked iPhone's Camera Roll and other photo folders, which can then be used to add profile pictures to contact cards.
The bypass methods work on all iPhones including the iPhone XS lineup, but Apple doesn't appear to have fixed the vulnerabilities in the latest iOS 12.1 beta. Thankfully however, all of the above can be easily prevented by disabling access to Siri from the lock screen.
Concerned users can do so by navigating to Settings > Face ID & Passcode (that's Settings > Touch ID & Passcode on iPhones with Touch ID) and disabling the Siri toggle under the "Allow access when locked" menu.
The rather convoluted bypass method was shared in a video by Jose Rodriguez, who has discovered iOS bugs in the past that Apple has subsequently fixed.
With physical access to the locked device, the attacker first asks Siri to activate VoiceOver, sleeps the device with the Side button, and then calls the iPhone using another device. Once the call screen shows up, the attacker taps the Message button, opts to create a custom message, and then taps the plus (+) icon in the top right.
Next, on the other phone, the attacker sends a text or iMessage to the target iPhone, whose screen is then double-tapped when the message notification appears. This causes an odd behavior in the UI, since it highlights the plus icon underneath.
After a short wait, the screen goes white and the notification disappears, but the VoiceOver's text selection box is apparently still tappable and can now be used to access the Messages interface. Following multiple screen swipes, the VoiceOver is heard to say "Cancel," which reveals the original Messages screen.
Adding a new recipient to the message and selecting a numeral from the virtual keyboard then reveals a list of recently dialed or received phone numbers and contacts. Further, if one of the numbers or contacts includes an info ("i") button, disabling VoiceOver and tapping the button shows the contact's information. Performing a 3D Touch action on the contact also brings up call and message options, along with options to Add to Existing Contact or Create New Contact.
In a similarly complicated set of steps involving an invisible user menu, an attacker can eventually access a locked iPhone's Camera Roll and other photo folders, which can then be used to add profile pictures to contact cards.
The bypass methods work on all iPhones including the iPhone XS lineup, but Apple doesn't appear to have fixed the vulnerabilities in the latest iOS 12.1 beta. Thankfully however, all of the above can be easily prevented by disabling access to Siri from the lock screen.
Concerned users can do so by navigating to Settings > Face ID & Passcode (that's Settings > Touch ID & Passcode on iPhones with Touch ID) and disabling the Siri toggle under the "Allow access when locked" menu.
Tag: security
68 comments
Apple TV+ series "The Morning Show" has been nominated for three Screen Actors Guild Awards for outstanding male actor and outstanding female actor.
Steve Carell and Billy Crudup, who...
Apple is rumored to launch four 5G-enabled iPhones in fall 2020, and while 5G-related components could raise the production costs of the devices by $30 to $100 depending on the model, analyst...
Apple appears to be working on new "Powerbeats4" wireless earphones to replace the existing Powerbeats3, based on strings in iOS 13.3 code uncovered by MacRumors contributor Steve Moser.
...
Early reports from 16-inch MacBook Pro owners who have installed the macOS Catalina 10.15.2 update suggest that the new software fixes some of the speaker popping issues that were plaguing these...
With the new 2019 Mac Pro now available for purchase, Apple has begun sharing support documents and tutorial videos covering the new high-end machine that's designed for professional users.
...
Apple's new Pro Display XDR comes with an optional nano-texture glass, which is etched at the nanometer level to cut down on reflectivity and glare for a matte look.
The nano-texture glass...
There was a serious AirDrop bug in iOS 13.2.3 that let attackers overwhelm nearby iPhones with files, causing them to lock up, reports TechCrunch. Apple addressed the bug in the iOS 13.3 update, and...
Ahead of the release of the Mac Pro and Pro Display XDR, Apple gave several of the machines to prominent tech YouTubers to test out, and their first impressions, overviews, and unboxings of the Mac...
