Unraveled by Jose Rodriguez, the exploits are rather complicated, each contains multiple steps related to Siri, Apple's VoiceOver screen there function and, in one case, the Notes app. Both methods work on iPhones with the latest version of iOS, including models with Face ID or Touch ID biometric security.
The first of the two videos on the Spanish YouTube channel from Rodriguez explains a vulnerability that allows a potential attacker to bypass both Face ID and Touch ID security protocols.
Rodriguez demonstrates the process and activates VoiceOver via a Siri request. From there, he calls the target iPhone with a separate device and with the call dialog tapes the "Message" button to create a customized text message. Once in Messages, Rodriguez moves the text selector to the "+" symbol, specifies the addition of another contact, and then uses the secondary device to send a text message to the target iPhone, displaying a notification. Double-tapping the target iPhone screen while the notification is displayed seems to be causing a conflict in the iOS user interface.
Rodriguez confirmed to AppleInsider that the second device is required to perform the bypass.
Now that the screen is empty, Siri is reactivated and deactivated quickly. The screen remains empty, but VoiceOver's text selection box seems to be able to go to the Messages user menu and navigate through it. By swiping back through the available options and selecting "Cancel", the original Messages screen is retrieved, where a malicious user can add a new recipient. If you select a number using the keypad, recently dialed or received phone numbers and contacts are displayed that contain metadata associated with that number.
Continuing, the entire address book can be opened if a displayed contact or number presents an "i" or info button next to its respective entry. Turning VoiceOver off again via Siri and tapping the "i" icon displays the information of a contact. If you do a 3D touch gesture on the contact avatar, options appear before & # 39; Call & # 39 ;, & # 39; Message & # 39 ;, & # 39; Add to existing contact & # 39; or & # 39; Create new contact & # 39 ;. Selecting the last option displays a complete list of contacts.
Finally, photos can be retrieved by re-enabling VoiceOver and swiping to "Film Roll" in an invisible user menu. Navigating through recent photos, screenshots, and other folders through gestures and audio prompts allows an attacker to assign individual photos to a contact's user icon.
A second video describes a bypass of the lock screen that, although limited in size, shows that there is another bug in Apple's mobile operating system.
Rodriguez calls Siri again, but this time he creates a new banknote. After he has added an image to the note, he locks the phone and repeats the process. If you tap the inserted image in the second note, a media sharing icon is displayed that, when selected, displays a blank shared folder user interface. Requesting Siri to enable VoiceOver provides access to an unseen menu with the default sharing options for a user.
Apple still needs to address the vulnerabilities in the latest iOS 12.1 beta.
Concerned users can minimize the exposure to the apparent errors by enabling Siri lock screen access Settings gt Face ID Passcode or Settings gt Touch ID access code under the heading "Allow access when locked". The second attack can be thwarted by enabling password protection for Notes by navigating to it Settings gt Notes gt Password.
Rodriguez discovered a number of lock screen bypasses in earlier versions of iOS, including an obscure SIM card related error in iOS 6.1.3.