Unraveled by Jose Rodriguez, the exploits are rather complicated, each ctains multiple steps related to Siri, Apple's VoiceOver screen there functi and, in e case, the Notes app. Both methods work iPhones with the latest versi of iOS, including models with Face ID or Touch ID biometric security.
The first of the two videos the Spanish YouTube channel from Rodriguez explains a vulnerability that allows a potential attacker to bypass both Face ID and Touch ID security protocols.
Rodriguez demstrates the process and activates VoiceOver via a Siri request. From there, he calls the target iPhone with a separate device and with the call dialog tapes the "Message" butt to create a customized text message. ce in Messages, Rodriguez moves the text selector to the "+" symbol, specifies the additi of another ctact, and then uses the secdary device to send a text message to the target iPhone, displaying a notificati. Double-tapping the target iPhone screen while the notificati is displayed seems to be causing a cflict in the iOS user interface.
Rodriguez cfirmed to AppleInsider that the secd device is required to perform the bypass.
Now that the screen is empty, Siri is reactivated and deactivated quickly. The screen remains empty, but VoiceOver's text selecti box seems to be able to go to the Messages user menu and navigate through it. By swiping back through the available optis and selecting "Cancel", the original Messages screen is retrieved, where a malicious user can add a new recipient. If you select a number using the keypad, recently dialed or received phe numbers and ctacts are displayed that ctain metadata associated with that number.
Ctinuing, the entire address book can be opened if a displayed ctact or number presents an "i" or info butt next to its respective entry. Turning VoiceOver off again via Siri and tapping the "i" ic displays the information of a ctact. If you do a 3D touch gesture the ctact avatar, optis appear before & # 39; Call & # 39 ;, & # 39; Message & # 39 ;, & # 39; Add to existing ctact & # 39; or & # 39; Create new ctact & # 39 ;. Selecting the last opti displays a complete list of ctacts.
Finally, photos can be retrieved by re-enabling VoiceOver and swiping to "Film Roll" in an invisible user menu. Navigating through recent photos, screenshots, and other folders through gestures and audio prompts allows an attacker to assign individual photos to a ctact's user ic.
A secd video describes a bypass of the lock screen that, although limited in size, shows that there is another bug in Apple's mobile operating system.
Rodriguez calls Siri again, but this time he creates a new banknote. After he has added an image to the note, he locks the phe and repeats the process. If you tap the inserted image in the secd note, a media sharing ic is displayed that, when selected, displays a blank shared folder user interface. Requesting Siri to enable VoiceOver provides access to an unseen menu with the default sharing optis for a user.
Apple still needs to address the vulnerabilities in the latest iOS 12.1 beta.
Ccerned users can minimize the exposure to the apparent errors by enabling Siri lock screen access
Rodriguez discovered a number of lock screen bypasses in earlier versis of iOS, including an obscure SIM card related error in iOS 6.1.3.