Technology
New hack bypasses iPhone’s lock screen on iOS 12
/https%3A%2F%2Fblueprint-api-production.s3.amazonaws.com%2Fuploads%2Fcard%2Fimage%2F856021%2Fc86e70bd-e25b-4c0d-b073-5218b9fcbaae.jpg)
Image: Lili Sams/Mashable
2018-10-02 13:58:03 UTCApple’s iPhone is advertised as a highly secure device, which is why it’s a bit funny when someone easily beats its security shortly after a major new version of iOS is released.
A YouTube video posted last week alleges that it’s possible to bypass the lock screen of an iPhone running iOS 12 without knowing the password, and access both contacts and photos.
The process, discovered by security researcher Jose Rodriguez, is a bit convoluted and requires invoking Siri to enable Voiceover, then sending a text message from another phone to the iPhone. Then, a double-tap at the right moment grants you access to features and commands you shouldn’t be able to access, invisible behind a white screen but still accessible by swiping across the screen. One of these then enables you to access the phone’s contacts, while a more complicated hack (but also doable without any special equipment or expert knowledge) lets you access photos on the phone.
The original video, in Spanish, shows the trick working on what looks like the iPhone 8, but the same technique was recreated on an iPhone XS Max in another (English) video by EverythingApplePro, below. Apparently, the bug is present in iOS 12 (and the iOS 12.1 beta) and works on all Apple devices that can run it.
An attacker would definitely need physical access to the phone and some time with it to perform this hack, so it’s not something that could happen while the iPhone is in your pocket. Furthermore, the trick does not give you complete control of the locked phone. But being able to gain unauthorized access to contacts and photos is a serious security issue on its own.
Naked Security points out that it’s possible to protect your iPhone from this hack by disabling Siri’s lock screen access; the option to do that can be found in Settings > Face ID & Passcode.
Rodriguez has been doing this sort of thing for a while now. I wrote about a similar hack he’s done in iOS 9 back in 2016, but judging by his YouTube channel he’s been cracking the iOS lock screen since iOS 5.1.
We’ve asked Apple about this issue and will update the article when we hear from them.
!function(f,b,e,v,n,t,s){if(f.fbq)return;n=f.fbq=function(){n.callMethod?
n.callMethod.apply(n,arguments):n.queue.push(arguments)};if(!f._fbq)f._fbq=n;
n.push=n;n.loaded=!0;n.version=’2.0′;n.queue=[];t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)[0];s.parentNode.insertBefore(t,s)}(window,
document,’script’,’https://connect.facebook.net/en_US/fbevents.js’);
fbq(‘init’, ‘1453039084979896’);
if (window.mashKit) {
mashKit.gdpr.trackerFactory(function() {
fbq(‘track’, “PageView”);
}).render();
}
Intel has already received $2.2B in federal grants for chip production
How to quit social media: This Gen Z-er has a plan
DeepSeek exposed internal database containing chat histories and sensitive data
How to watch ‘Babygirl’ at home: Streaming release date
Meta says end of fact-checking hasn’t impacted ad spend
A psychologist’s advice on how to limit social media’s harmful effects on kids
ChatGPT’s mobile users are 85% male, report says
NASA’s Webb telescope threatened with budget cuts. They would hit hard.
DeepSeek: Everything you need to know about the AI chatbot app
‘Jimpa’ review: Does Sundance’s buzzed-about queer family drama live up to the hype?
CES 2025 highlights: 12 new gadgets you can buy already
‘American Primeval’ review: Can Netflix’s grimy Western mini-series greatest ‘Yellowstone’?
Eight ways Mark Zuckerberg changed Meta ahead of Trump’s inauguration
Tesla launched the new Model Y in China. Here’s what you need to know
Meta ditches fact-checking for community notes ahead of second Trump term
Space calendar 2025: Here are the moments you won’t want to miss
How to donate to LA fire victims, and avoid falling for scams
CES 2025: Hands on with the airy Asus Zenbook A14
‘Night Call’ review: A bad day on the job makes for a superb action movie
Webb telescope just solved the ‘universe-breaking problem’
Intel has already received $2.2B in federal grants for chip production
How to quit social media: This Gen Z-er has a plan
DeepSeek exposed internal database containing chat histories and sensitive data
How to watch ‘Babygirl’ at home: Streaming release date
Meta says end of fact-checking hasn’t impacted ad spend
A psychologist’s advice on how to limit social media’s harmful effects on kids
ChatGPT’s mobile users are 85% male, report says
NASA’s Webb telescope threatened with budget cuts. They would hit hard.
DeepSeek: Everything you need to know about the AI chatbot app
‘Jimpa’ review: Does Sundance’s buzzed-about queer family drama live up to the hype?
-
Entertainment6 days ago‘Presence’s Steven Soderbergh and David Koepp on ghosts, horror, and hating winks
-
Entertainment7 days agoWhat are immigration red cards? How the internet is rallying behind undocumented workers
-
Entertainment6 days ago‘Pee-wee as Himself’ review: Paul Reubens’ documentary is a must-see for ‘Playhouse’ fans
-
Entertainment6 days agoTikTok ban: Influencers brace for an uncertain future
-
Entertainment5 days agoFilms by Black creators to watch on Netflix
-
Entertainment3 days ago‘Dimension 20’s ‘Gauntlet at the Garden’ was a euphoric experience for ‘Dungeons and Dragons’ fans everywhere
-
Entertainment6 days agoHow to stop doomscrolling with apps you already have
-
Entertainment3 days ago‘If I Had Legs, I’d Kick You’ review: Rose Byrne stuns in nauseating thrill ride about motherhood
