Saturday, 14 September 2019

Yikes! iOS 13 Coming Next Week With iPhone LockScreen Bypass Bug

Good news... next week, on September 19, Apple will roll out iOS 13, the latest version of its mobile operating system.

Yes, we're excited about, but here comes the bad news...

iOS 13 contains a vulnerability that could allow anyone to bypass the lockscreen protection on your iPhone and access some sensitive information.

Jose Rodriguez, a Spanish security researcher, contacted The Hacker News and revealed that he discovered a lockscreen bypass bug in iOS 13 that allowed him to access the full list of Contacts on his iPhone—and every piece of information saved on them.

Rodriguez told The Hacker News that he discovered the new lockscreen bypass bug on his iPhone running iOS 13 beta version and reported it to Apple on July 17.

However, unfortunately, Apple failed to patch the bug even after being informed months ago, and the bypass is still working on the Gold Master (GM) version of iOS 13, the final version of the software that will be rolled out to everyone on September 19.


How Does iOS 13 Lockscreen Bypass On iPhone Work?

 
The bug allows anyone with physical access to a target's iPhone to trick the smartphone into granting access to the full list of stored Contacts, as well as detailed information for each individual contact including their names, phone numbers, and emails—all using nothing but a FaceTime call.

The latest iPhone lockscreen bypass hack is similar to the one Rodriguez discovered last year in iOS 12.1, just a few hours after Apple released iOS 12.1, allowing anyone to bypass the lockscreen on a targeted iPhone using the built-in VoiceOver feature.

To demonstrate the new iPhone hack, Rodriguez shared a video with The Hacker News, as shown below, demonstrating how the hack works and relatively how simple it is to perform by any non-techie user.

The bug involves activating a FaceTime call on a target's iPhone and then accessing Siri's voiceover support feature to obtain access to the contact list—and every information saved on them.

However, more likely, Apple will patch this issue in the iOS 13.1 release, which is expected to arrive for the public on September 30. So all users should patch their iPhones by the end of the month.

Until then iPhone users are recommended to not leave their phone unattended, at least in public and workplaces.

 



No comments:

Post a Comment