A bug has just been discovered in iOS 12 that allows anyone with physical access to your locked phone to enter your photo album and send photos to anyone in Apple Messages. Like other similar passcode bypasses, this one uses Siri to get through your phone’s defenses.
The bug was discovered by amateur security researcher José Rodríguez, and is demonstrated in his video below.
While pulling off the exploit requires physical access to the phone, a number of specific steps and some careful timing, it’s much easier than previous bugs to activate and could leave iPhone users open to invasions of privacy from friends, roommates or distrustful partners.
The exploit takes about 12 steps, and you can try it yourself if you have an iPhone (just don’t try it on someone else’s iPhone, please). As shown in the video, the bug is initiated when you call the phone with another and answer with a message rather than answering the call. You then use Siri to start VoiceOver, a service meant for sight-impaired users.
In the next step you tap the camera icon, and invoke Siri while double tapping. This part involves some tricky timing but as you can see in the middle part of the video, you can try again and again until you get it right. Here’s where VoiceOver comes in, as it will tell you what you’re selecting while the screen remains black. You simply have to swipe until it says you can select the Photo Library, then tap to select it.
At this point you get taken back to the message screen, and just have to tap the little bar on top of the blank keyboard to activate the photo library, then swipe and tap through to select photos from the invisible photo gallery.
This security bypass works in iOS 12.0.1, though it will likely be patched in a new update. In the meantime, you can protect yourself from this bug by just turning off Siri while your phone is locked, a setting you can find under Touch ID & Passcode. Considering how vulnerable Siri seems to be to these kinds of bugs, it might be a good idea to keep it that way too.
Leave a Reply
You must be logged in to post a comment.