Another day, another update, another iPhone lockscreen bypass – Naked Security

Apple keeps releasing iOS updates and Spanish researcher José Rodríguez keeps finding new ways to bypass each version’s lockscreen security.

This week’s target was iOS 12.1, which appeared on Tuesday. By Wednesday, Rodríguez had posted a YouTube video showing how the lockscreen could be beaten with the help of Siri and Facetime to reveal the device’s contact phone numbers and email addresses.

Apart from having physical access to the target iPhone, all an attacker would need is the phone number of the target (if they don’t know the number, they can just ask Siri “who am I?” from the target phone).

The attacker would then:

  • Pick up the call
  • Initiate FaceTime from the call menu screen
  • Swipe up and enable airplane mode
  • Immediately tap the (…) icon (for iOS 12.1.1 swipe up on the panel at the bottom)
  • Tap “Add Person”
  • Tap the (+) icon

Hey presto! They can scroll though the contact information.