The complex password bypass method exposes contacts and photos of iPhone in iOS 12

A password-bypass vulnerability was discovered in iOS 12, potentially allowing an attacker to access photos and contact details of a locked iPhone.

The rather complicated workaround was shared in a video of Jose Rodriguez, who discovered iOS bugs previously fixed by Apple.

With physical access to the device locked, the attacker first asks Siri to turn on VoiceOver, puts the device to sleep with the side button, and then calls the device. iPhone with the help of another device. Once the call screen is displayed, the attacker clicks the Message button, chooses to create a custom message, and then clicks the plus (+) icon in the upper right.

Then, on the other phone, the attacker sends an SMS or an iMessage to the target iPhone, whose screen is then touched twice when notification of the message is displayed. This causes strange behavior in the user interface because it highlights the icon further below.

After a short wait, the screen turns white and the notification disappears, but the VoiceOver text selection box is apparently still usable and can now be used to access the Messages interface. After several screen scans, VoiceOver says "Cancel", which brings up the original Messages screen.

Adding a new recipient to the message and selecting a number from the virtual keyboard will then reveal a list of recently dialed or received phone numbers and contacts. In addition, if one of the numbers or contacts includes an information button ("i"), turn off VoiceOver and press the button to display the contact information. Running a 3D Touch action on the contact also opens call and message options, as well as options for Add to existing contact or Create new contact.

In a similar set of complicated steps involving an invisible user menu, an attacker may eventually access the Camera Roll of a locked iPhone and other photo folders, which can then be used to add profile pictures to contact cards.

The workarounds work on all iPhones, including the iPhone XS range, but Apple does not seem to have fixed the vulnerabilities of the latest iOS 12.1 beta release. Fortunately, all of the above can be easily avoided by disabling access to Siri from the lock screen.

The affected users can do this by navigating to Settings> Face ID and Access Code (C & # 39; Settings> Touch ID and Access Code on iPhones with Touch ID) and disabling the Siri Switch to the "Allow access when locked" menu.