In early October, the user Jose Rodriguez has discovered a vulnerability in iOS 12 allows you to bypass the password and someone else’s iPhone to access messages and contacts. For the manipulation it took him assistant Siri, VoiceOver service for scoring information on the screen, and the phone number of the victim. Further study of the vulnerability showed that about the same way you can steal pictures from someone else’s phone. The method was easier than the previous ones.
As in the previous case, for hacking requires physical access to the victim’s iPhone and his phone number. In the beginning, the author of the video called the number to activate the voice call screen the iOS. In it, he chose to answer with a text message. Writing random letters in the input field, a hacker called voice assistant Siri and asked to activate VoiceOver.
Returning to the reports, Rodriguez caused a system conflict, alternately pressing on the camera button, home key twice and touch the screen. The error occurred immediately, but the number of attempts was not limited. If successful, the challenge of the conflict appeared a black screen with an invisible user interface. In this moving gesture right and left and listening to the hints VoiceOver, the hacker found a section with photos. Double-clicking on the appropriate boxes returned to the messages.
After manipulating instead of a keyboard section is added with invisible pictures. Also moving with gestures and double clicking on invisible areas, Rodriguez sent the “wrong” photo on your smartphone.
This vulnerability iPhone iOS 12.0.1. To protect your device, it is necessary to prohibit a challenge to Siri from the lock screen. This is done in the paragraph settings “Touch ID & passcode” in the “Access on lock screen”.
To discuss this and other news about the iPhone in our Telegram chat.