Apple likes to pride itself with strong security in iOS, but for all theĀ platitudes the fact remains that the iPhone’s Lock screen isĀ one of iOS’s weakest links. And now, YouTuber iDeviceHelp has discovered a new Lock screen vulnerability that lets anyone in possession of your iPhone bypass theĀ passcode and get toĀ yourĀ contacts and photos. The bug has been reported to Apple and should be fixed in a future update.
The trick involves calling another person’s mobile phone number via FaceTime or cellularĀ andĀ tapping the Message option on their deviceĀ to get to the Messages screen.
From there, you’ll use Siri to enable VoiceOver which lets youĀ exploit the vulnerability and gain accessĀ to theĀ Photos library and contacts. The method is a bit finicky as you’ll need to get the timing of your taps right butĀ onceĀ you get the hang of it, it’ll work like a charm.
AfterĀ a few tries, I was able to successfully reproduce the steps outlined in EverythingApplePro’sĀ how-to video to confirm that it works as advertised on an iPhone 7 running iOS 10.1.1. I could browseĀ all of the photos even though the phone was locked the whole time.
How to unlock any iPhone photos without a passcode
1)Ā Press and holdĀ the Home button on the device you want to break into and ask Siri, āWho am I?ā. AĀ contact card goes up letting you see aĀ person’s mobile phone number and any email addresses associated with iMessage (if they disabled Siri access on the Lock screen, you’ll be out of luck).
2) From your own iPhone, iPad or iPod touch, launch FaceTime and call the persons’s number.
3) When their device starts ringing, tap the Message option on theĀ Lock screen and select the option in the popup menu labeled Custom…
4) A Messages sheet pops. You’ll notice that the TO field is pre-populated with the caller’s contact information. Now press and holdĀ the Home button and ask Siri to āTurn on VoiceOverā.
5)Ā With the VoiceOver feature turned on, double tap the TO field at the top withĀ the caller’s information, then immediately tap anywhere on the keyboard. Make sure you double tap the empty section, not the name.
You want the three icons (Camera, iMessage Apps and App Store) onĀ the left of the Messages text field to appear right after tapping the keyboard. It’ll certainly take a few tries until you get this right.
After the icons show up, VoiceOver’s focus should remainĀ on the TO field at the top.
6) If you see both a black rectangle around the TO field and the three icons to the left of the Messages text field, invoke Siri again and tell her to āDisable VoiceOverā.
7) Due to a bug in iOS, anything typed on the keyboard at this point will be directed to the TO field where it shouldn’t really be sent. This has some unintended consequences, as you’ll see later. NowĀ tap aĀ key, any key on the keyboard and see if Messages displays any matching contacts with an āiā icon next to them.
If not, tap another key and so forth.
8) Tap āiā next to a contact to get to their full contact card.
9)Ā You’re on the contact card screen. Now scroll down and tap Create New Contact.
10) On the New Contact screen, tap Add Photo below the mugshot icon, then tap Choose Photo. And there you go: you’ve just accessed all of the photos on the person’sĀ iPhone, without a passcode.
If you inspect the iOS status bar closely, you shouldĀ see the padlock icon.
Although the device is locked, you can tap All Photos or Camera Roll to seeĀ the complete Photos library.Ā You can even see their Recently Deleted album and browse their hidden shots and videos.
Of course, we don’t expect anyone to exploit this vulnerability for nefarious purposes aside from perhapsĀ pranking yourĀ friends or making sure your significant otherĀ is not cheating on you.
Just kidding, we do not condone privacy breaches of any sort. The contents of any person’s iPhone are their business, not yours. Just because there’s a bug in iOS that makes it possibleĀ to bypass the Lock screen doesn’t mean you should take advantage of it and sniffĀ around other people’s phones.
Obviously, you can protect yourself quite easily from this bugĀ until a patchĀ is releasedājust disable access to Siri and the Reply with Message feature from the Lock screen. Go to Settings ā Touch ID & PasscodeĀ and slide Siri and Reply with MessageĀ toggles below the Allow Access When Locked headline to the OFF position.
This should ensure that no one will be able to invoke Siri on the Lock screen to find out your mobile phone number or use the Message option when the phone call comes in toĀ get to your photos.
As mentioned, this significant security leak has already been reported to Apple and is likely going toĀ beĀ fixedĀ in a future iOS software update. So how far back does this go? According to the poster, the vulnerability is exploitable on the latest iOS 10.2 beta 3 as well as iOS builds for older devices.
It even works on iPads and the iPhone 4s.
That’s kinda ofĀ a big deal because Apple officially no longer supports the iPhone 4s meaning it stopped releasing any updates for it beyond iOS 9.3.5. However, this newly found Lock screen bypass willĀ likely be fixed for iPhone 4s owners in the form of iOS 9.3.6 or a quick emergency update.
Have any of you guys ben able to reproduce this obvious bug in iOS?
And if so, what did you think of it?
Source: iDeviceHelp on YouTube