Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Complex Passcode Bypass Method Exposes iPhone Contacts and Photos in iOS 12
- Thread starter MacRumors
- Start date
- Sort by reaction score
Man, you’ve really got to have some dedication to figure out something like that. To have each item, in that specific sequence.... jeez.
Even if you were on 12, that doesn’t necessarily you would be more vulnerable.
Here's a basic one. If Control Center is enabled on the lock screen, I can put your phone into airplane mode when I steal it.
[doublepost=1538242062][/doublepost]
Lock Screen options are in 'TouchID and Passcode'.
I think it's to avoid any possibility of Touch ID being involved.
===
I think there's a way bigger issue here - it seems to me you shouldn't be able to do much when your phone is ringing before you authenticate.
Seems to me the process should be something like - if your phone is ringing, you can only answer or decline. If you answer, you wouldn't hear the other person and they wouldn't hear you - instead Siri would announce to both of you that you still need to authenticate.
All of those other options shouldn't be there prior to you authenticating.
Actually, no; well at least in iOS 11 days. I had a friend who observed me do the "Hey Siri" cmd to my nearby iPad Pro to perform a Homekit command. He then tried yelling out "Hey Siri" and after just a couple tries, my iPad responded to him. I was really surprised. Hope Apple has improved the voice analysis since then. Said friend moved away so it's not like I can just ask him to try it again to test if it's better.
And requires physical access to the phone. Sorry but if you lose physical access to your phone you have bigger issues than whether someone knows and can successfully pull off a trick like this. Not to mention that you can lost mode your phone if you were smart enough to have iCloud signed in without seconds and a computer or another iPhone. No one can do jack on a phone in lost mode expect erase it in recovery mode (removing all your private data) and putting it in activation lock so it’s only good for parts (not even the managers at an apple store or the staff at apple care can remove a lock when the phone is in lost mode)
[doublepost=1538244860][/doublepost]
Given that it’s been announced yeah. I’m fairly sure Apple has staff combing sites like this and reddit for these kinds of reports so they can nip it before it’s ever actually an issue
It doesn’t matter, if that person was smart and enabled all the security features with the phone and iCloud you’ve basically stole a paperweight anyway
You could simply turn the phone off if you "steal it".
Up, up, down, down, left, right, A, B, A makes the headphone jack reappear.
It might not matter to YOU... but to many, many people (me included!) it would be wonderful to be able to track & retrieve a stolen phone b/c of a thief’s inability to block me from using the feature with a trivial action.
So is the "security" protecting your photos just the GUI? I'm sorry, but a GUI glitch allowing access is some Windows 98 type of security flaw, and it indicates a much worse problem beneath. This means that the contacts and photos are somehow not protected by the encryption in certain cases, and likely other data too.
Big props to this guy for discovering it, especially if it's true he's just a taxi driver and not a professional hacker or engineer.
Big props to this guy for discovering it, especially if it's true he's just a taxi driver and not a professional hacker or engineer.
Last edited:
That my friend has an easy explanation (just one of them), if you use Siri for home automation, otherwise it won't be convenient.
Another one is when you are busy, driving for instance.
Fix one thing, break two others...
Vulnerability in software has always been a problem. There are people who have dedicated their lives to exploit and destroy.
Vulnerability in software has always been a problem. There are people who have dedicated their lives to exploit and destroy.
Ah, of course, thx. I just didn’t think tapping with a pen cap could activate the home button (unless it’s conductive).
Well it’s a problem solved with Face ID. Won’t show control centre unless you look at the phone if it’s turned on in settings, that’s how i have it set, don’t even notice it’s off
Yeah. The last issue is powering the phone off.
Sadly, I’m speaking from experience. =/
I didn’t have insurance on my iPhone X b/c I thought nobody would be stupid enough to steal an unusable phone.
I left it at a side smoking area at my work (300+ employees). I realized it about 5 minutes later & returned... it wasn’t there so I called it.
It had already been shut off and I ended up having to pay off the remaining $650 I owed on it, so I can order a XR... but without the ability to sell it & recoup the cost of a new phone.
Needless to say- that stung!
I wish there was a preventative measure for this type of instance.
I mean he’d have to turn it on eventually, right? If you requested find my iphone to lock it in lost mode wouldn’t it have bricked when they turned it on?
Exactly. The point is the phone is unusable no matter what the thief does. Apple's put a lot of effort into this.
There could be vulnerabilities. Say there's a known way to break in, but only if the phone hasn't been turned off. I know it enters some locked-down state it maintains until you first enter your passcode. And there's the USB lock too. In that case only, the thief would want to put it into airplane mode (or shield its RF) but not turn it off.