Last month, we heard of multiple iOS 12 lock screen bypass methods discovered by Jose Rodriguez. Using these techniques, an attacker could easily bypass the iPhone passcode and access the photos, contacts, and other data stored in the device. After the bypass methods surfaced online, Apple began working to fix the glitches along with other vulnerabilities and rolled out iOS 12.1. While the users should expect a seamless user experience with the updated version, Jose Rodriguez pointed out another problem. As demonstrated, the Group FaceTime feature, upon exploit, can lead to iOS 12.1 lock screen bypass, allowing the attacker to access device contacts.
iOS 12.1 Lock Screen Bypass Via Group FaceTime Exploit
Reportedly, Jose Rodriguez found a method that triggers iOS 12.1 lock screen bypass by exploiting the group Facetime feature. The trick does not necessarily require using Siri, unlike the previous passcode bypass methods for iOS 12.
According to Rodriguez, invoking the newly introduced Group FaceTime feature in the iOS 12.1 could allow an attacker to access user contacts. To exploit this bug, the attacker must have physical access to the device.
All it takes for an attacker is to call the target iPhone from any other iPhone, and invoking Group FaceTime after the call connects. Group FaceTime allows video chats with as many as 32 contacts. It means the feature involves access to the contacts stored on the device. That’s where the glitch resides. An attacker can simply tap “Add Person” from the menu, and then click on the “+” icon in the next screen. This is it! The entire contacts list now becomes exposed to the attacker. From here, the attacker can easily access further details for each contact by simply tapping individual contacts.
Here is the video shared by Jose Rodriguez demonstrating the exploit.
Apple Needs To Patch Another Lock Screen Bypass
The recent iOS 12.1 lock screen bypass method comes right after the release of the updated iOS. Although, Apple has patched the previous passcode bypass bugs in this version. The current vulnerability is still awaiting a patch.
The new exploit specifically works for iPhones as it involves FaceTime. Almost all iPhone models running the iOS 12.1 are vulnerable to this attack method. What’s more worrying is that, at present, no workaround is available for the vulnerability.
Latest posts by Abeerah Hashim (see all)
- Facebook Awarded $25000 Bounty For Reporting a CSRF Vulnerability - February 19, 2019
- Vulnerability In Xiaomi Electric Scooters Allows Attackers to Take Control of the Machine - February 17, 2019
- Firefox For iOS Now Offers Persistent Private Browsing With Firefox 15 - February 17, 2019