Complex iOS 13 exploit allows viewing of contacts without unlocking iPhone

Posted:
in General Discussion edited September 2019
A new exploit shows how someone could bypass an iPhone's passcode, FaceID, or TouchID requirements to view the contact information of an iPhone running iOS 13.




A video uploaded to YouTube by Jose Rodriguez illustrates using a VoiceOver and Siri exploit can give unrestricted access to view contacts stored on an iPhone.





Rodriguez shows how the exploit works, which involves calling or FaceTiming the target iPhone. Once the call is placed, the call recipient must opt to respond with a custom message rather than answer the call. From the message screen, the user must turn on VoiceOver using Siri and then turn it back off. Following the toggling of VoiceOver, the user can add to contact field, which allows you to see the contact information of any contact in the phone.

AppleInsider was able to get the vector to work. There is some timing element on enabling and disabling VoiceOver, however, that varies based on unknown factors.

Relatively little is at stake with this exploit. Beyond the inherent danger of an assailant having your iPhone, this method only allows someone to view the contacts within the target iPhone, provided that they have physical access to the target phone and can complete the VoiceOver exploit.

Rodriguez had unearthed bypasses previously. In 2018, Rodriguez discovered another complex exploit in iOS 12 that allowed a user to use VoiceOver to access an iPhone's photos and contacts, not dissimilar to this one in iO 13.

Those looking to protect themselves from the exploit can block it entirely by disabling Siri while the phone is locked in the Passcode preferences menu.

Rodriguez reported the flaw to Apple earlier in the iOS 13 beta process.

Comments

  • Reply 1 of 11
    razorpitrazorpit Posts: 1,796member
    The other way of unlocking a phone is by putting it in my pocket. I can't tell you the number of times I feel the 'warmth' of the phone in my pocket only to pull it {the phone} out and find it on the home screen or in some other app.
    gatorguy
  • Reply 2 of 11
    I don't think I'll be losing a whole lotta sleep over this one.
    coolfactorMplsPnetrox
  • Reply 3 of 11
    razorpit said:
    The other way of unlocking a phone is by putting it in my pocket. I can't tell you the number of times I feel the 'warmth' of the phone in my pocket only to pull it {the phone} out and find it on the home screen or in some other app.
    Not sure how you can do that unless you have no passcode for the phone, or put it in your pocket with the screen still on.
    Solinetmage
  • Reply 4 of 11
    Demos like this are annoying to watch. It looks like he's uncertain about the next step to take.

    Honestly, even if that contact info is displayed, what can they do with it? Can they email my entire contact list? No. Can they start sending spam? No. I fail to see what the risk is. While it would be nice for the info to not be accessible, it's no different than a digital version of an address book that people used to keep around their house all the time. Not really considered "sensitive" information, if you ask me.
    netrox
  • Reply 5 of 11
    MplsPMplsP Posts: 3,679member
    bonobob said:
    razorpit said:
    The other way of unlocking a phone is by putting it in my pocket. I can't tell you the number of times I feel the 'warmth' of the phone in my pocket only to pull it {the phone} out and find it on the home screen or in some other app.
    Not sure how you can do that unless you have no passcode for the phone, or put it in your pocket with the screen still on.
    That's what happens to me - I accidentally put it in my pocket without locking it and the pocket liner is thin enough that the phone senses contact with my leg and stays on.

    As far as the exploit goes, once again I ask "How do people find these????"
  • Reply 6 of 11
    This has happened to 1 of my 2 XS phones. I pull it out of my pocket and the camera is on. Phone is very hot. Not liking that at all because one of the times it was in there 40 minutes while I drove to work. The battery was already half gone from full charge. So not sure what is causing it but I am damn sure it was off, as I do with both phones, before putting in my pockets.
  • Reply 7 of 11
    This has happened to 1 of my 2 XS phones. I pull it out of my pocket and the camera is on. Phone is very hot. Not liking that at all because one of the times it was in there 40 minutes while I drove to work. The battery was already half gone from full charge. So not sure what is causing it but I am damn sure it was off, as I do with both phones, before putting in my pockets.
    Steve Jobs says you're using your pocket wrong.
    razorpitnetroxFileMakerFeller
  • Reply 8 of 11
    jcs2305jcs2305 Posts: 1,304member
    This has happened to 1 of my 2 XS phones. I pull it out of my pocket and the camera is on. Phone is very hot. Not liking that at all because one of the times it was in there 40 minutes while I drove to work. The battery was already half gone from full charge. So not sure what is causing it but I am damn sure it was off, as I do with both phones, before putting in my pockets.
    Steve Jobs says you're using your pocket wrong.
    Wow the “you’re holding it wrong”  joke just never gets old ....  ;) 
    edited September 2019 razorpitmuthuk_vanalingam
  • Reply 9 of 11
    razorpitrazorpit Posts: 1,796member
    bonobob said:
    razorpit said:
    The other way of unlocking a phone is by putting it in my pocket. I can't tell you the number of times I feel the 'warmth' of the phone in my pocket only to pull it {the phone} out and find it on the home screen or in some other app.
    Not sure how you can do that unless you have no passcode for the phone, or put it in your pocket with the screen still on.
    That makes two of us. If I ever figure it out I'll let you know...
  • Reply 10 of 11
    netroxnetrox Posts: 1,221member
    it seems so cumbersome to go through to "hack" a couple of contacts. I thought I was gonna see the entire list of contacts but that's not what I am seeing.
  • Reply 11 of 11
    Seems like this is difficult to be a random attack if you have to FaceTime the target - you must already know the person in order to have their phone # or Apple ID to FaceTime their phone. 
    edited September 2019
Sign In or Register to comment.