YouTuber reveals iPhone XS passcode bypass bug exposing contacts/photos

With new iPhone XS out, it is a universally believed fact that Apple is committed to improving, and enhancing user privacy and security in its devices. With the new iOS 12 and iOS 12.1 beta, the Cupertino-based company claims to have taken security to a whole new level.

However, this claim is questioned after numerous researchers and white hat hackers successfully jailbroke iOS 12 beta in the past week.  And the news we are going to share with you will further make the reliability of the new iOS version questionable as far as privacy is concerned.

Reportedly, a bug has been identified in the recently unveiled iOS 12.1 beta and iOS 12 that lets anyone using the device bypass your passcode and easily access private data like photos and contacts. Both Face ID and Tough ID enabled iPhones are vulnerable to the hack. This means, bypassing work on not only on iOS 12 but also on the latest Apple devices such as iPhone XS. An attacker can exploit the bug to access private data on your phone on a locked iPhone XS as well as other Apple devices.

To successfully bypass an unlocked iPhone, the attacker would need physical access to the vulnerable device. Once the access is obtained, the attacker can sidestep the password verification screen on iPhone. To bypass the passcode, Siri is tricked, and the VoiceOver feature in iOS is modified to sidestep the verification process. However, the attack would work if the device has Siri enabled and Face ID is disabled or manually covered such as with a tape.

The bypassing technique was shared by a YouTuber Jose Rodriguez, a Spain-based clerk who claims to be an Apple enthusiast. Rodriguez has been responsible for identifying many bugs and flaws in iPhone previously. To share his latest findings, Rodriguez posted a video on his YouTube channel “Videosdebarraquito.”

In the video, Rodriguez demonstrates the complex 37-step bypass procedure in the Spanish language. He has so far posted two videos, both in Spanish, to demonstrate the process of bypassing passcode on an unlocked iPhone running iOS 12. Soon after the two videos were posted on Sept 26 a tech channel EverythingApplePro created a new version of the video in English language and posted it.

Using the technique an attacker can edit contact information associated with any caller including the image despite that Apple had confirmed putting mitigations to prevent hacks that allow images to be viewed through contacts. Apparently, Rodriguez identified a way to thwart the iPhone’s much-hyped security barriers.

The bypass technique has been authenticated by Threatpost, and it is confirmed that the hack works on various iPhone models including iPhone XS. In spite of several attempts, Apple did not respond to the news.

Total
0
Shares
Related Posts