Privacy News Another Day, Another Update, Another iPhone Lockscreen Bypass

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,457
Apple keeps releasing iOS updates and Spanish researcher José Rodríguez keeps finding new ways to bypass each version’s lockscreen security.

This week’s target was iOS 12.1, which appeared on Tuesday. By Wednesday, Rodríguez had posted a YouTube video showing how the lockscreen could be beaten with the help of Siri and Facetime to reveal the device’s contact phone numbers and email addresses. Apart from having physical access to the target iPhone, all an attacker would need is the phone number of the target (if they don’t know the number, they can just ask Siri “who am I?” from the target phone). The attacker would then:
  • Pick up the call
  • Initiate FaceTime from the call menu screen
  • Swipe up and enable airplane mode
  • Immediately tap the (…) icon (for iOS 12.1.1 swipe up on the panel at the bottom)
  • Tap “Add Person”
  • Tap the (+) icon
Hey presto! They can scroll though the contact information. Just to get ahead of Apple’s security team, the method even reportedly works on the beta for the forthcoming iOS 12.1.1. Rodríguez’s lockscreen bypasses have become an uncomfortable fixture lately.

Until Apple posts a fix, you can mitigate the flaw by disabling Siri’s VoiceOver lockscreen access: go to SettingsSiri & Search and turn off Allow Siri when locked.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top