Only a few hours have passed since the new iOS 12.1’s release and already its passcode bypass hack has been identified. Through the hack, the attacker can see all the private conversations on a locked iPhone. The passcode bypass hack has been discovered by a Spanish security researcher Jose Rodriguez.
Rodriguez has confirmed that there is a bug in the latest version of the iOS released earlier this week, that is, the iOS 12.1. He has shared a video as well to demonstrate the bypass process, which does not seem like a complex method at all. The exploit is only effective on iOS 12.1 and the attacker has to gain physical access to the iPhone.
According to the video, the new attack method doesn’t involve Siri and not even the VoiceOver screen reader feature, which was the case with the previously discovered passcode bypass hacks that Rodriguez discovered. To perform the hack, the attacker needs to target the iPhone, which can be done from any other iPhone.
You may also use Siri to call your own iPhone and if you don’t know the target’s phone number you can ask Siri “who I am” so that it makes a call to the phone digit by digit. The basic idea is to connect to the phone. So, when the call is connected the same screen is used to start Facetime video call.
When this is achieved, select Add Person located at the bottom right and press the plus (+) icon. Now, you will be able to access the full contact list of the iPhone. Through 3D Touch on each of the contact, you will be able to see more information.
There is no temporary fix available for the issue as of now so users need to wait for Apple to address the bug and release a software update to fix it.
Rodriguez isn’t new to identifying bugs in the iPhone’s iOS. He has already discovered multiple passcode bypass hacks, the latest one being identified only two weeks back. That particular bug exploited Siri and VoiceOver screen reader to bypass the passcode and other authentication measures of the locked iPhone to access contacts and photos.
In September this year, another bug identified by Rodriguez allowed anyone using the iPhone XS device on iOS 12 bypass passcode and easily access private data like photos and contacts.