Privacy News New iPhone iOS 12.0.1 Lock Screen Bypass Exposes Your Photos

upnorth

Apple’s iOS security team must be starting to feel as if they’re being besieged by security sleuth José Rodríguez. In his latest YouTube proof-of-concept, the Spaniard demonstrates how an attacker with physical access to an Apple device running iOS 12.0.1 (including the latest X and XS models) can gain access to photos stored on it.

The bypass needs 13 steps and requires good timing but at the end of the process, photos can be extracted by selecting and sending them to any number. Embarrassingly, Apple released iOS 12.0.1 last week to address a range of issues that had cropped up with iOS 12, including two separate lock screen bypass flaws publicised by Rodríguez in late September. Admittedly, one of these was more serious because it allowed access to a device’s contacts, emails, telephone numbers, and photos, but at 37 steps it was also a lot trickier to pull off than his latest compromise. The root cause of the issue is the same in all of these – namely using Siri to activate VoiceOver to perform certain tasks without having to unlock the phone.

Apple will no doubt add the latest bypass to its fix list for the iOS 12.1 update later this month but until then mitigating the problem can be achieved by disabling Siri’s lock screen access: go to Settings > Siri & Search and turn off Allow Siri when locked.

 

Ink

Never allow any digital assistant to activate when the device is locked. It happens with every iOS release, where Siri is the weakest link between device security and stored data.

Lockscreens have become too complicated, for the ease of the user.
 
