Two Complex iOS 12 Passcode Bypasses Expose Contacts and Photos

iOS 12, the latest version of Apple’s mobile operating system, which was released in the middle of September, is already facing a serious security problem. Apparently, someone has found a way to get around its lock screen security to access the device owner’s contacts, emails, telephone numbers, and photos.

It is in fact a matter of two separate bypass exploits unearthed by a security researcher. One is a lock screen bypass, and the other is a Face ID and Touch ID bypass.

Complex Bypasses in iOS 12 Discovered

Of course, if someone wants to exploit iOS 12’s lock screen, they will need to go through 12 steps in a specific sequence in order to view contacts, numbers and emails. In addition, there are 21 separate steps to view photos. This makes an attack complicated to accomplish, but a dedicated individual with enough time, the right set of instructions and physical access to the device would definitely go through the trouble.

The two complicated bypasses were discovered by Jose Rodriguez, and they are indeed difficult to perform. The steps involve the use of Siri, Apple’s VoiceOver screen reader feature and the Notes app. Both methods work on iPhones running iOS 12, including models with Face ID or Touch ID.

The researcher revealed the exploits in two separate Spanish-language videos shared on his YouTube channel. The first video shows how a malicious user would be able to bypass Face ID and Touch ID security protocols.

First, Rodriguez activates VoiceOver through a Siri request. Then, he calls the target iPhone with a separate device and, with the call dialogue displayed, taps the “Message” button to create a custom text message, AppleInsider explained.

Once in Messages, (Read more...)

*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum | SensorsTechForum.com authored by Milena Dimitrova. Read the original post at: https://sensorstechforum.com/two-complex-iso12-passcode-bypasses/