Complex Passcode Bypass Method Exposes iPhone Contacts and Photos in iOS 12

Discussion in 'iOS Blog Discussion' started by MacRumors, Sep 29, 2018.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1


    A passcode bypass vulnerability has been discovered in iOS 12 that potentially allows an attacker to access photos and contact details on a locked iPhone.

    The rather convoluted bypass method was shared in a video by Jose Rodriguez, who has discovered iOS bugs in the past that Apple has subsequently fixed.


    With physical access to the locked device, the attacker first asks Siri to activate VoiceOver, sleeps the device with the Side button, and then calls the iPhone using another device. Once the call screen shows up, the attacker taps the Message button, opts to create a custom message, and then taps the plus (+) icon in the top right.

    Next, on the other phone, the attacker sends a text or iMessage to the target iPhone, whose screen is then double-tapped when the message notification appears. This causes an odd behavior in the UI, since it highlights the plus icon underneath.

    After a short wait, the screen goes white and the notification disappears, but the VoiceOver's text selection box is apparently still tappable and can now be used to access the Messages interface. Following multiple screen swipes, the VoiceOver is heard to say "Cancel," which reveals the original Messages screen.


    Adding a new recipient to the message and selecting a numeral from the virtual keyboard then reveals a list of recently dialed or received phone numbers and contacts. Further, if one of the numbers or contacts includes an info ("i") button, disabling VoiceOver and tapping the button shows the contact's information. Performing a 3D Touch action on the contact also brings up call and message options, along with options to Add to Existing Contact or Create New Contact.

    In a similarly complicated set of steps involving an invisible user menu, an attacker can eventually access a locked iPhone's Camera Roll and other photo folders, which can then be used to add profile pictures to contact cards.

    The bypass methods work on all iPhones including the iPhone XS lineup, but Apple doesn't appear to have fixed the vulnerabilities in the latest iOS 12.1 beta. Thankfully however, all of the above can be easily prevented by disabling access to Siri from the lock screen.

    Concerned users can do so by navigating to Settings > Face ID & Passcode (that's Settings > Touch ID & Passcode on iPhones with Touch ID) and disabling the Siri toggle under the "Allow access when locked" menu.

    Article Link: Complex Passcode Bypass Method Exposes iPhone Contacts and Photos in iOS 12
     
  2. SBlue1 macrumors 65816

    SBlue1

    Joined:
    Oct 17, 2008
  3. Scottsoapbox macrumors 6502a

    Scottsoapbox

    Joined:
    Oct 10, 2014
    #3
    Hats off to hackers and security people that have much more patience for minutiae than me.
     
  4. MrGimper macrumors 603

    MrGimper

    Joined:
    Sep 22, 2012
    Location:
    Andover, UK
    #4
    Surely this must have been discovered in some reverse-engineering of iOS. How else would you ever find this?
     
  5. BaccaBossMC macrumors regular

    BaccaBossMC

    Joined:
    Jul 8, 2016
    Location:
    Nursing Home of the U.S.
    #5
    Youtuber EverythingApplePro reported that it was found by a taxi driver who tries to discover bugs like this on his iPhone while waiting for passengers.
     
  6. Scotty2Hotty macrumors member

    Scotty2Hotty

    Joined:
    Sep 16, 2014
    #6
    "convoluted" and "complicated" to say the least
     
  7. MrGimper macrumors 603

    MrGimper

    Joined:
    Sep 22, 2012
    Location:
    Andover, UK
    #7
    He's also famous for being the taxi driver who has one customer every 10 years.
     
  8. idmean macrumors member

    Joined:
    Feb 27, 2015
    #8
    The home screen at the beginning of the video looks odd: Apps centered at the bottom of a page?
     
  9. 4jasontv macrumors 65816

    Joined:
    Jul 31, 2011
    #9
    Good eye, it’s an optical illusion mixed with a little trick. All the spaces that seem missing are really just Safari web links to a page that shows a white image. If the wallpaper was changed you would see white squares. You could do this with any color, and if you had a lot of time and even more patience you could also do this with a graphic....
     
  10. mistasopz macrumors 6502

    Joined:
    Apr 14, 2006
    #10
    Well I guess it’s more complicated than the no-password root exploit that surfaced recently, but still... I expect better than this, Apple.
     
  11. now i see it macrumors 68030

    Joined:
    Jan 2, 2002
    #11
    If a bored guy sitting in a Taxi can find vulnerabilities like this, gotta wonder what government sponsored hacking professionals have found but kept quiet.
     
  12. alphaod macrumors Core

    alphaod

    Joined:
    Feb 9, 2008
    Location:
    NYC
    #12
    Well it's always a game of security versus convenience.

    I know a lot of people still prefer 4-digit passcodes even when iOS now defaults to 6-digit passcodes. These same people have TouchID/FaceID enabled, so there you go.
     
  13. luvbug macrumors regular

    luvbug

    Joined:
    Aug 11, 2017
    #13
    I know I had my Siri setting turned off already. I hope the default is "off". I can't imagine having Siri access "on" by default from the lock screen as being preferred, from a security standpoint.
     
  14. cloudyo macrumors member

    Joined:
    Feb 25, 2012
    #14
    I deactivated Siri on the lock-screen, so, fixed?
     
  15. MauiPa macrumors regular

    Joined:
    Apr 18, 2018
    #15
    The new Rubik's Cube!
     
  16. Kabeyun macrumors 68000

    Kabeyun

    Joined:
    Mar 27, 2004
    Location:
    Eastern USA
  17. I7guy macrumors P6

    I7guy

    Joined:
    Nov 30, 2013
    Location:
    Gotta be in it to win it
    #17
    Control center and Siri are always disabled from lock screen for me. Surprised these vulnerabilities still exist.
     
  18. cbr600 macrumors newbie

    Joined:
    Sep 29, 2018
    #18
    I think there’s something missing here. “Hey Siri” only activates to the user who sets it up. A person can’t activate that feature as described in the write up. Or he is just describing how to bypass something on his own iPhone. An issue but not such a big deal...
     
  19. posguy99 macrumors 6502a

    Joined:
    Nov 3, 2004
    #19
    Why in the world do people have Siri enabled on the lock screen in the first place? The only thing worse would be the truly clueless who enable control center on the lock screen.
     
  20. C DM macrumors Sandy Bridge

    Joined:
    Oct 17, 2011
    #20
    Helps in various situations like calling or doing something while driving, or jogging or something else of that nature.
     
  21. posguy99 macrumors 6502a

    Joined:
    Nov 3, 2004
    #21
    No one mentioned "Hey Siri". Enabling access to Siri on the lock screen doesn't have anything to do with whether you're allowing "Hey Siri".
     
  22. BasicGreatGuy Contributor

    BasicGreatGuy

    Joined:
    Sep 21, 2012
    Location:
    In the middle of several books.
    #22
    If I am not mistaken, this vulnerability has been reported in a past version of iOS (albeit it wasn't the exact step for step bypass) and was quickly patched.
     
  23. cbr600 macrumors newbie

    Joined:
    Sep 29, 2018
    #23
    Well, allow Siri when locked only shows on settings when listen for Hey Siri is enabled.
     
  24. posguy99 macrumors 6502a

    Joined:
    Nov 3, 2004
    #24
    Except it shows all the time, of course. I certainly don't allow "Hey Siri" on my device, and there's the slider for Siri in "Allow Access When Locked", right where it's supposed to be. Toggling it on doesn't enable "Hey Siri", either.

    On the 7 and later, you don't (supposedly) have to be plugged into power to use "Hey Siri", but that shouldn't change where and when the option(s) show up in the UI.
     
  25. davidg4781 macrumors 68020

    Joined:
    Oct 28, 2006
    Location:
    Alice, TX
    #25
    So when I’m cooking, I can just yell “Hey Siri, set a timer for 2 and one-half minutes!” and not be bothered by picking it up.

    Or when I’m driving, just say “Hey Siri, tell dad I’ll be there in five minutes.” Since Apple doesn’t feel it can leave iPhone on while plugged in listening to music.

    Now, serious question, what’s wrong with Control Center being enabled on lock screen?
     
