“Jose Rodriguez, a Spanish security researcher, contacted The Hacker News and confirmed that he discovered an iPhone passcode bypass bug in the latest version of its iOS mobile operating system, iOS 12.1, released by Apple today.” reads a post published by THN.
Like other passcode bypass flaws discovered by the researcher also this one is very simple to exploit.
Rodriguez published a video PoC that show how the passcode bypass works.
The new passcode bypass attack doesn’t leverage on Siri or VoiceOver screen reader feature enabled on a target iPhone.
“In a passcode-locked iPhone with latest iOS released today Tuesday, you receive a phone call, or you ask Siri make a phone call (can be digit by digit), and, by changing the call to FaceTime you can access to the contact list while adding more people to the Group FaceTime, and by doing 3D Touch on each contact you can see more contact information,” Rodriguez told The Hacker News.
Also, it should be noted that since the attack utilizes Apple’s Facetime, the hack would only work if the devices involved in the process are iPhones.
Unfortunately, at the time, there is no workaround to address the issue.
Rodriguez has recently other similar issued in Apple devices, in October he first discovered a passcode bypass vulnerability in Apple’s new iOS version 12 that could have been exploited to access photos, contacts on a locked iPhone XS.
The researcher also disclosed a new passcode bypass flaw that could have been exploited to access photos and contacts on a locked iPhone XS.
(Security Affairs – passcode bypass flaw, hacking)