New iPhone Passcode Bypass Method Found Days After Patch
18.10.2018 securityweek
Apple

A new method that can be used to bypass the iPhone lockscreen and access photos stored on the device was disclosed just days after Apple released a patch for a similar vulnerability.

In late September, iPhone enthusiast Jose Rodriguez, known for his YouTube channel videosdebarraquito, discovered yet another method for bypassing the iPhone lockscreen. The technique works on the new iPhone XS running the latest version of Apple's mobile operating system, iOS 12.

Rodriguez showed how an attacker with physical access to the targeted device could leverage a combination of Siri and the VoiceOver feature to access photos and contacts from the phone.

Apple patched the vulnerability, which it tracks as CVE-2018-4380, on October 8 with the release of iOS 12.0.1.

However, a few days later, on October 12, Rodriguez demonstrated another passcode bypass that worked on iOS 12.0.1 as well.

The newest method also involves Siri and VoiceOver, the accessibility feature that allows individuals with visual impairments to use their Apple device by having the content of the screen and selected buttons read out to them.

The attack starts by calling the targeted device. If the phone number is not known, the attacker can have Siri read it out to them. Once the call is made, the hacker selects the Messages icon from the call screen and activates VoiceOver via Siri.

Similar to the previous passcode bypass, VoiceOver is used to navigate through hidden buttons and functions. The buttons are not visible on the screen, but VoiceOver can "see" and activate them. This allows a hacker to gain access to the Photo Library and open recent images stored there.

Compared to the previous bypass, the latest method is easier to replicate and it not only provides access to photos, but also allows the attacker to send the files to another device. In addition, the new technique poses a greater risk as the photos can be sent to a different device in full resolution the prior hack only provided access to a smaller size preview image.

Apple will likely patch this vulnerability in an upcoming version of iOS.