A passcode bypass vulnerability has been discovered in iOS 12 that potentially allows an attacker to access photos and contact details on a locked iPhone.

The rather convoluted bypass method was shared in a video by Jose Rodriguez, who has discovered iOS bugs in the past that Apple has subsequently fixed.

iphone bypass lock screen
With physical access to the locked device, the attacker first asks Siri to activate VoiceOver, sleeps the device with the Side button, and then calls the iPhone using another device. Once the call screen shows up, the attacker taps the Message button, opts to create a custom message, and then taps the plus (+) icon in the top right.

Next, on the other phone, the attacker sends a text or iMessage to the target iPhone, whose screen is then double-tapped when the message notification appears. This causes an odd behavior in the UI, since it highlights the plus icon underneath.

After a short wait, the screen goes white and the notification disappears, but the VoiceOver's text selection box is apparently still tappable and can now be used to access the Messages interface. Following multiple screen swipes, the VoiceOver is heard to say "Cancel," which reveals the original Messages screen.


Adding a new recipient to the message and selecting a numeral from the virtual keyboard then reveals a list of recently dialed or received phone numbers and contacts. Further, if one of the numbers or contacts includes an info ("i") button, disabling VoiceOver and tapping the button shows the contact's information. Performing a 3D Touch action on the contact also brings up call and message options, along with options to Add to Existing Contact or Create New Contact.

In a similarly complicated set of steps involving an invisible user menu, an attacker can eventually access a locked iPhone's Camera Roll and other photo folders, which can then be used to add profile pictures to contact cards.

The bypass methods work on all iPhones including the iPhone XS lineup, but Apple doesn't appear to have fixed the vulnerabilities in the latest iOS 12.1 beta. Thankfully however, all of the above can be easily prevented by disabling access to Siri from the lock screen.

Concerned users can do so by navigating to Settings > Face ID & Passcode (that's Settings > Touch ID & Passcode on iPhones with Touch ID) and disabling the Siri toggle under the "Allow access when locked" menu.

Top Rated Comments

SBlue1 Avatar
76 months ago
How do they find out something like this?? :)
Score: 40 Votes (Like | Disagree)
MrGimper Avatar
76 months ago
Youtuber EverythingApplePro reported that it was found by a taxi driver who tries to discover bugs like this on his iPhone while waiting for passengers.
He's also famous for being the taxi driver who has one customer every 10 years.
Score: 24 Votes (Like | Disagree)
Scottsoapbox Avatar
76 months ago
Hats off to hackers and security people that have much more patient for minutiae than me.
Score: 13 Votes (Like | Disagree)
davidg4781 Avatar
76 months ago
Why in the world do people have Siri enabled on the lock screen in the first place? The only thing worse would be the truly clueless who enable control center on the lock screen.
So when I’m cooking, I can just yell “Hey Siri, set a timer for 2 and one-half minutes!” and not be bothered by picking it up.

Or when I’m driving, just say “Hey Siri, tell dad I’ll be there in five minutes.” Since Apple doesn’t feel it can leave iPhone on while plugged in listening to music.

Now, serious question, what’s wrong with Control Center being enabled on lock screen?
Score: 12 Votes (Like | Disagree)
BaccaBossMC Avatar
76 months ago
How do they find out something like this?? :)
Surely this must have been discovered in some reverse-engineering of iOS. How else would you ever find this.
Youtuber EverythingApplePro reported that it was found by a taxi driver who tries to discover bugs like this on his iPhone while waiting for passengers.
Score: 12 Votes (Like | Disagree)
KrispE00 Avatar
76 months ago
Up, up, down, down, left, right, A, B, A makes the headphone jack reappear.
Score: 9 Votes (Like | Disagree)

Popular Stories

iPhone SE 4 Vertical Camera Feature

iPhone SE 4 Rumored to Use Same Rear Chassis as iPhone 16

Friday July 19, 2024 7:16 am PDT by
Apple will adopt the same rear chassis manufacturing process for the iPhone SE 4 that it is using for the upcoming standard iPhone 16, claims a new rumor coming out of China. According to the Weibo-based leaker "Fixed Focus Digital," the backplate manufacturing process for the iPhone SE 4 is "exactly the same" as the standard model in Apple's upcoming iPhone 16 lineup, which is expected to...
iPhone 16 Pro Sizes Feature

iPhone 16 Series Is Just Two Months Away: Everything We Know

Monday July 15, 2024 4:44 am PDT by
Apple typically releases its new iPhone series around mid-September, which means we are about two months out from the launch of the iPhone 16. Like the iPhone 15 series, this year's lineup is expected to stick with four models – iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max – although there are plenty of design differences and new features to take into account. To bring ...
bsod

Crowdstrike Says Global IT Outage Impacting Windows PCs, But Mac and Linux Hosts Not Affected

Friday July 19, 2024 3:12 am PDT by
A widespread system failure is currently affecting numerous Windows devices globally, causing critical boot failures across various industries, including banks, rail networks, airlines, retailers, broadcasters, healthcare, and many more sectors. The issue, manifesting as a Blue Screen of Death (BSOD), is preventing computers from starting up properly and forcing them into continuous recovery...
iphone 14 lineup

Cellebrite Unable to Unlock iPhones on iOS 17.4 or Later, Leak Reveals

Thursday July 18, 2024 4:18 am PDT by
Israel-based mobile forensics company Cellebrite is unable to unlock iPhones running iOS 17.4 or later, according to leaked documents verified by 404 Media. The documents provide a rare glimpse into the capabilities of the company's mobile forensics tools and highlight the ongoing security improvements in Apple's latest devices. The leaked "Cellebrite iOS Support Matrix" obtained by 404 Media...
Apple Watch Series 9

2024 Apple Watch Lineup: Key Changes We're Expecting

Tuesday July 16, 2024 7:59 am PDT by
Apple is seemingly planning a rework of the Apple Watch lineup for 2024, according to a range of reports from over the past year. Here's everything we know so far. Apple is expected to continue to offer three different Apple Watch models in five casing sizes, but the various display sizes will allegedly grow by up to 12% and the casings will get taller. Based on all of the latest rumors,...
tinypod apple watch

TinyPod Turns Your Apple Watch Into an iPod

Wednesday July 17, 2024 3:18 pm PDT by
If you have an old Apple Watch and you're not sure what to do with it, a new product called TinyPod might be the answer. Priced at $79, the TinyPod is a silicone case with a built-in scroll wheel that houses the Apple Watch chassis. When an Apple Watch is placed inside the TinyPod, the click wheel on the case is able to be used to scroll through the Apple Watch interface. The feature works...