iOS 12 allows Passcode Bypass
Apple has long been considered a safer option for mobile users: the company designs its products with advanced security in mind and has been known to continually remove and ban apps from the App Store that aren’t secure enough. However, with the release of iOS 12 and the iOS 12.1 beta, Apple has come under scrutiny after it was discovered that a security flaw allows a user to bypass the passcode and gain access to the photos and contacts on a locked iPhone.
How does this exploit work?
Getting into a locked iPhone running iOS 12 is a multi-step process, and this isn’t something you’re likely to do by accident. Firstly, it’s important that Face ID is disabled. Below is how it works step by step:
- Use Siri to enable VoiceOver.
- Call the phone you want to get into so that the call screen appears.
- Click on the “Message” button on the call screen and select “custom”.
- Click on the + icon in the corner, and then send a message to the phone to get a notification, before double-tapping the + icon. This should cause the screen to go white.
- Swipe randomly on the screen until you hear a “cancel” option.
- Double-tap on the screen to bring up the message again and select numbers; this will bring up all of the contacts.
The process to get into photos also works through VoiceOver, and only gives access to one photo at a time, which you can’t view before you select it as a contact photo. Getting into the phone would allow an attacker to steal contact information, or change contact information within the phone, as well as see restricted photos. Apple has not yet responded to the news, but it is expected that they will release a patch to fix the issue shortly.