31 Oct 2018

Apple released the latest version of its mobile operating system, iOS 12.1, and within a few hours an iPhone enthusiast found a passcode bypass hack that lets anyone see all contacts’ private information on a locked iPhone.

The iPhone passcode bypass bug was found by Jose Rodriguez, a Spanish security researcher. To demonstrate the bug, Rodriguez shared a video showing how the new iPhone hack works. It is very simple to perform compared to his previous passcode bypass findings.

This time the issue lies in a new feature called Group FaceTime, which Apple introduced with iOS 12.1 to make it easier for users to video chat with more people than ever, i.e. a maximum of 32 people.

How the New iPhone Passcode Bypass Attack Works

The previous passcode bypass hack discovered by Rodriguez worked only with Siri or the VoiceOver screen reader feature enabled on the target iPhone. The new hack doesn’t even require them to be enabled on the target iPhone.

Steps to execute the new passcode bypass hack:

  • Call the target iPhone from any other iPhone (if you don’t know the target’s phone number, either ask Siri “who I am,” or ask Siri to make a call to your phone number digit by digit), or use Siri to call on your own iPhone.
  • When the call connects, initiate the “FaceTime” video call from the same screen.
  • Go to the bottom right menu and select “Add Person.”
  • Press the plus icon (+) to access the complete contact list of the targeted iPhone, and by doing 3D Touch on each contact, you can see more information.

Rodriguez reported that “In a passcode-locked iPhone with latest iOS released today Tuesday, you receive a phone call, or you ask Siri to make a phone call (can be digit by digit), and, by changing the call to FaceTime you can access to the contact list while adding more people to the Group FaceTime, and by doing 3D Touch on each contact you can see more contact information.”

Since the attack makes use of Apple’s FaceTime, the hack works only if both devices involved in the process are iPhones.

The new passcode bypass hack seems to work on all current iPhone models, including iPhone X and XS devices, running the latest version of the Apple mobile operating system, i.e., iOS 12.1.

There is currently no temporary fix for the issue, so users need to wait until Apple issues a software update to address the new iPhone passcode bypass bug.

Rodriguez has previously discovered several iPhone passcode bypass hacks. Two weeks earlier he found an iPhone bypass hack in iOS 12.0.1 that uses Siri and the VoiceOver screen reader to get through the phone’s defenses and access photos and contacts on a locked iPhone. The month before, a similar bug was discovered in iOS 12; it also uses Siri and the VoiceOver screen reader to let any attacker with physical access to the phone reach contacts and photos.
