A passcode bypass vulnerability has been discovered in iOS 12 that potentially allows an attacker to access photos and contact details on a locked iPhone.

The rather convoluted bypass method was shared in a video by Jose Rodriguez, who has discovered iOS bugs in the past that Apple has subsequently fixed.

iphone bypass lock screen
With physical access to the locked device, the attacker first asks Siri to activate VoiceOver, sleeps the device with the Side button, and then calls the iPhone using another device. Once the call screen shows up, the attacker taps the Message button, opts to create a custom message, and then taps the plus (+) icon in the top right.

Next, on the other phone, the attacker sends a text or iMessage to the target iPhone, whose screen is then double-tapped when the message notification appears. This causes an odd behavior in the UI, since it highlights the plus icon underneath.

After a short wait, the screen goes white and the notification disappears, but the VoiceOver's text selection box is apparently still tappable and can now be used to access the Messages interface. Following multiple screen swipes, the VoiceOver is heard to say "Cancel," which reveals the original Messages screen.


Adding a new recipient to the message and selecting a numeral from the virtual keyboard then reveals a list of recently dialed or received phone numbers and contacts. Further, if one of the numbers or contacts includes an info ("i") button, disabling VoiceOver and tapping the button shows the contact's information. Performing a 3D Touch action on the contact also brings up call and message options, along with options to Add to Existing Contact or Create New Contact.

In a similarly complicated set of steps involving an invisible user menu, an attacker can eventually access a locked iPhone's Camera Roll and other photo folders, which can then be used to add profile pictures to contact cards.

The bypass methods work on all iPhones including the iPhone XS lineup, but Apple doesn't appear to have fixed the vulnerabilities in the latest iOS 12.1 beta. Thankfully however, all of the above can be easily prevented by disabling access to Siri from the lock screen.

Concerned users can do so by navigating to Settings > Face ID & Passcode (that's Settings > Touch ID & Passcode on iPhones with Touch ID) and disabling the Siri toggle under the "Allow access when locked" menu.

Tag: Security

Top Rated Comments

SBlue1 Avatar
SBlue1
65 months ago
How do they find out something like this?? :)
Score: 40 Votes (Like | Disagree)
MrGimper Avatar
MrGimper
65 months ago
Youtuber EverythingApplePro reported that it was found by a taxi driver who tries to discover bugs like this on his iPhone while waiting for passengers.
He's also famous for being the taxi driver who has one customer every 10 years.
Score: 24 Votes (Like | Disagree)
Scottsoapbox Avatar
Scottsoapbox
65 months ago
Hats off to hackers and security people that have much more patient for minutiae than me.
Score: 13 Votes (Like | Disagree)
davidg4781 Avatar
davidg4781
65 months ago
Why in the world do people have Siri enabled on the lock screen in the first place? The only thing worse would be the truly clueless who enable control center on the lock screen.
So when I’m cooking, I can just yell “Hey Siri, set a timer for 2 and one-half minutes!” and not be bothered by picking it up.

Or when I’m driving, just say “Hey Siri, tell dad I’ll be there in five minutes.” Since Apple doesn’t feel it can leave iPhone on while plugged in listening to music.

Now, serious question, what’s wrong with Control Center being enabled on lock screen?
Score: 12 Votes (Like | Disagree)
BaccaBossMC Avatar
BaccaBossMC
65 months ago
How do they find out something like this?? :)
Surely this must have been discovered in some reverse-engineering of iOS. How else would you ever find this.
Youtuber EverythingApplePro reported that it was found by a taxi driver who tries to discover bugs like this on his iPhone while waiting for passengers.
Score: 12 Votes (Like | Disagree)
KrispE00 Avatar
KrispE00
65 months ago
Up, up, down, down, left, right, A, B, A makes the headphone jack reappear.
Score: 9 Votes (Like | Disagree)
Read All Comments

Popular Stories

iphone se 4 modified flag edges

iPhone SE 4 Details: Action Button, USB-C Port, Face ID, and More

Wednesday September 27, 2023 1:34 pm PDT by
Significant changes are expected to arrive with Apple's fourth-generation iPhone SE, in terms of both design and hardware, MacRumors has learned. The iPhone SE 4, known internally under the codename Ghost, is expected to receive a new design derived almost entirely from the base model iPhone 14. According to our sources, the iPhone SE 4 will use a modified version of the iPhone 14 chassis...
Read Full Article147 comments
Multi Display CarPlay 1

All-New Apple CarPlay Launching Later This Year With These 5 New Features

Friday September 29, 2023 11:29 am PDT by
At WWDC 2022 last year, Apple previewed the next generation of CarPlay, promising deeper integration with vehicle functions like A/C and FM radio, support for multiple displays across the dashboard, personalization options, and more. Apple said the first vehicles with support for the next-generation CarPlay experience would be announced in late 2023, but it has still not shared any additional...
Read Full Article
iOS 17

Everything New in iOS 17.1 Beta 1

Wednesday September 27, 2023 1:57 pm PDT by
Just a week after releasing iOS 17, Apple has seeded the first beta of iOS 17.1 to developers. iOS 17.1 adds some features that Apple promised were coming to iOS 17 in the future, plus it refines and improves some existing features. This guide covers everything new in the first iOS 17.1 beta. Apple Music Favorites You can favorite songs, albums, playlists, and artists in the iOS 17.1...
Read Full Article99 comments
iPhone 15 Pro lineup

iPhone 15 Pro Overheating Concerns Highlighted in Two More Reports

Thursday September 28, 2023 6:25 am PDT by
iPhone 15 Pro and Pro Max overheating concerns continue to make headlines this week, with the topic highlighted by The Wall Street Journal and Bloomberg. Both of the reports document anecdotal complaints from customers, and outline potential causes, but it's unclear how many devices are actually affected. Bloomberg said the overheating could be caused or compounded by the iPhone's setup...
Read Full Article324 comments
iPhone 15 Pro lineup

Apple to Address iPhone 15 Pro Overheating Issue With iOS 17 Update

Saturday September 30, 2023 9:28 am PDT by
Apple plans to release an iOS 17 update to address a bug that may contribute to the reported iPhone 15 Pro and iPhone 15 Pro Max overheating issue, according to a statement the company shared today with MacRumors and Forbes reporter David Phelan. Apple also says some recent updates to third-party apps have overloaded the system and contributed to the overheating issue. The report notes that...
Read Full Article230 comments
iPhone 15 USB C Port Keynote

Some USB-C Power Banks Fail to Work With iPhone 15

Thursday September 28, 2023 2:06 pm PDT by
Apple added a USB-C port to the iPhone 15 lineup this year, allowing it to work with USB-C cables, USB-C power banks, and more. It turns out that some USB-C battery packs are not working properly with Apple's iPhone 15, resulting in charging issues. As highlighted on Reddit and the MacRumors forums, not all existing USB-C power banks can be used with the iPhone 15 models, perhaps due to the...
Read Full Article210 comments
iOS 17

Apple Releases iOS 17.0.2 and iPadOS 17.0.2 for All iPhones and iPads

Tuesday September 26, 2023 12:47 pm PDT by
Apple today released iOS 17.0.2 and iPadOS 17.0.2 updates, with the software coming five days after the releases of iOS 17.0.1 and iPadOS 17.0.1. Today's iOS 17.0.2 and iPadOS 17.0.2 updates arrive as build 21A351 and can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update. Note that iOS 17.0.2 was previously made available for iPhone...
Read Full Article101 comments