iOS 12.1 still has a Lockscreen bypass bug

Earlier this week, the latest iOS 12.1 update started rolling out on compatible iPhone and iPad devices. The new update fixes the lockscreen bypass bug found in iOS 12, however, Spanish security reseacrher Jose Rodriguez has found another way to bypass the lock screen in iOS 12.1.

According to a video posted on YouTube, the bug exploits Group FaceTime calls which allows anyone access to an iPhone’s contact list without the passcode. Like most lockscreen bypass bugs, it requires an attacker’s physical presence to access an iPhone’s contact list. The attacker can then exploit the bypass bug by either receiving a call or asking Siri to make one and then change the call to FaceTime.

Once the call is on FaceTime, the attacker can access an iPhone’s full contact list by selecting ‘Add Person’, even though the iPhone is locked. Besides, the attacker can see more contact information by using the the 3D Touch feature found in iOS.

“In a passcode-locked iPhone with latest iOS released today Tuesday, you receive a phone call, or you ask Siri make a phone call (can be digit by digit), and, by changing the call to FaceTime you can access to the contact list while adding more people to the Group FaceTime, and by doing 3D Touch on each contact you can see more contact information,” said security researcher Rodriguez to The Hacker News.

Furthermore, Rodriguez also added that the new passcode bypass bug works on all iPhones compatible with Apple’s Group FaceTime feature found in iOS 12.1. Users, however, can mitigate the new passcode bypass bug by disabling Siri on the Home Screen.

Well, this isn’t the first time iOS enthusiastic and security researcher Jose Rodriguez has managed to get past iOS lockscreen and access iPhone data. With the same workaround, he was able to bypass the lockscreen on iPhones running iOS 12. As for Apple, the iPhone-maker is likely to roll out a definitive security update in order to prevent similar instances from happening in the future.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.