iOS 12.1 Passcode Bypass Hack
After only a couple of hours since Apple’s released it’s latest iOS someone was able to find a passcode bypass hack, that would allow access to private contacts on a locked iPhone.
A Spanish security researcher, Jose Rodriguez, got in contact with The Hacker News to share his new discovery, that he was able to find an iPhone passcode bypass bug in the new and latest version of the iOS 12.1 a couple of hours after its release.
He showed through a video that the method of bypassing the passcode is a relatively easy task in comparison to his previous passcode bypass findings. He also commented “In a passcode-locked iPhone with latest iOS release, you receive a phone call, or you ask Siri to make a phone call (can be digit by digit), and, by changing the call to FaceTime you can get access to the contact list while adding more people to the Group FaceTime, and by doing 3D Touch on each contact you can see more contact information.”
This hack would only work if the devices involved are iPhones, but it works on all current iPhone models, including iPhone X and XS devices, that are running the new Apple mobile operating system, iOS 12.1. As he commented this attack is only possible through Apple’s new feature called Group Facetime, which has the new attribute that allows users to video chat with more contacts than ever before, allowing up to 32 people in a single chat.
Currently there is no apparent temporary measure to fix the issue, the only solution that the users seem to have is to wait for Apple to issue a software update that would address the problem.
This is not the first time Rodriguez has made a finding that involves an iPhone’s passcode and it’s bypassing. Around two weeks ago, he found a bypass hack that worked in the 12.0.1 Apple operating system and used the apps Siri and VoiceOver screen reader to get through the phone’s security, that would allow the possible attackers to access photos and contacts on a locked iPhone.
Last month he was able to find a similar bug in iOS 12, that also took advantage of Siri and VoiceOver screen reader, and allowed a possible aggressor to access the phone contents like the contacts and photos. It’s necessary to remark that these hack would only be possible if the hacker has physical possession of the phone.