Naked Security

Another day, another update, another iPhone lock screen bypass

Researcher José Rodríguez beats the lock screen to display contact phone numbers and email addresses.

Apple keeps releasing iOS updates and Spanish researcher José Rodríguez keeps finding new ways to bypass each version’s lock screen security.
This week’s target was iOS 12.1, which appeared on Tuesday. By Wednesday, Rodríguez had posted a YouTube video showing how the lock screen could be beaten with the help of Siri and FaceTime to reveal the device’s contact phone numbers and email addresses.

Apart from having physical access to the target iPhone, all an attacker would need is the phone number of the target (if they don’t know the number, they can just ask Siri “who am I?” from the target phone).
The attacker would then:

  • Pick up the call
  • Initiate FaceTime from the call menu screen
  • Swipe up and enable airplane mode
  • Immediately tap the (…) icon (for iOS 12.1.1 swipe up on the panel at the bottom)
  • Tap “Add Person”
  • Tap the (+) icon

Hey presto! They can scroll through the contact information.


Just to get ahead of Apple’s security team, the method even reportedly works on the beta for the forthcoming iOS 12.1.1.
Rodríguez’s lock screen bypasses have become an uncomfortable fixture lately.
The most recent was only two weeks ago, a lock screen bypass in iOS 12.0.1 that would have given an attacker access to a device’s photos.
Ironically, that update included fixes for two previous lock screen bypasses Rodríguez had publicised in September that compromised contacts, emails, telephone numbers, and photos.
Before that, the same researcher had discovered a clutch of lock screen bypass issues going back to 2013.
Until Apple posts a fix, you can mitigate the flaw by disabling Siri’s VoiceOver lock screen access: go to Settings > Siri & Search and turn off Allow Siri When Locked.
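For managed fleets, the same mitigation can be pushed as a configuration profile instead of being toggled by hand. The following is an added example, not from the original article: it builds a Restrictions payload that sets Apple's `allowAssistantWhileLocked` key to false and checks an existing unsigned profile for that setting. The identifier `com.example.mdm` and the display names are placeholders.

```python
import plistlib
import uuid

RESTRICTIONS = "com.apple.applicationaccess"  # Apple's Restrictions payload type


def build_profile(org_id="com.example.mdm"):  # org_id is a placeholder
    """Return .mobileconfig bytes that turn off Siri on the lock screen."""
    restrictions = {
        "PayloadType": RESTRICTIONS,
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org_id}.restrictions.siri-lock",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Block Siri on lock screen",
        "allowAssistantWhileLocked": False,
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org_id}.siri-lock",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": "Lock screen hardening",
        "PayloadContent": [restrictions],
    }
    return plistlib.dumps(profile)


def siri_blocked_when_locked(profile_bytes):
    """True only if a Restrictions payload blocks Siri on the lock screen.

    A missing key counts as not blocked: iOS defaults both keys to allowed.
    """
    profile = plistlib.loads(profile_bytes)
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != RESTRICTIONS:
            continue
        if payload.get("allowAssistant", True) is False:
            return True  # Siri disabled outright
        if payload.get("allowAssistantWhileLocked", True) is False:
            return True
    return False


if __name__ == "__main__":
    hardened = build_profile()
    # Constructed sample: a profile that only sets an unrelated restriction.
    weak = plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [
        {"PayloadType": RESTRICTIONS, "allowCamera": False}]})
    print(siri_blocked_when_locked(hardened), siri_blocked_when_locked(weak))
```

The checker reads unsigned profiles only; a signed `.mobileconfig` is wrapped in a CMS envelope and has to be unwrapped before `plistlib` can parse it.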

A deeper question is why Siri and the lock screen still don’t mix happily.
It could simply be that there is a fundamental incompatibility in their purpose – locked access versus easy voice access to some functions – which is inherently difficult to reconcile without compromise.

5 Comments

That Siri was able to answer the “Who am I?” question allowed airport security to return my iPhone to me. I was paged over the speaker system and recovered my iPhone. All in all, a pretty handy service – but then again, the finder was a moral upstanding person doing the right thing.


Or get rid of (i.e., disable) Siri? Do you really need that enabled? Was life before Siri so bad with just typing & clicking?


That’s what I did, and it seems to work well. Unfortunately, a previous update required me to enable Voice Control in order to disable Siri and I sure would like to know why. I don’t use – or want – any of those voice options so why can’t I disable them completely? Would it sound too tinfoil-hattish if someone were to speculate that was a bone Apple threw to all the TLAs (Three Letter Agencies)?


Interesting. I wonder if customs and border control agents can or have used the same hack to get into one’s phone, once seized at the border for XYZ reason(s).

