19 Oct 2018

A security researcher has discovered a passcode bypass bug that works on the latest Apple iOS 12.0.1, which was released last week. The researcher, Spanish amateur Jose Rodriguez, also disclosed a passcode bypass vulnerability in iOS 12 last month that lets an attacker with physical access to your iPhone retrieve your contacts and photos.

The latest hack allows any person with physical access to your locked iPhone to open your photo album, select photos and send them to anyone using Apple Messages. It requires less effort than the previous one, which makes it easier for anyone who gets hold of your phone to reach your private photos.

How to Bypass iPhone Lock Screen to Access Photos

Similar to other passcode bypass hacks, the new hack makes use of Siri and the VoiceOver screen reader to get past your phone’s defenses.

The bypass requires the following 10 steps:

  • Call the target iPhone from another phone (if you don’t know the target’s phone number, you can ask Siri “who I am,” or ask Siri to make a call to your phone number digit by digit).
  • Don’t answer the call; instead, tap “Messages” (enabled by default in iOS) and then tap “Custom” to reply via text message.
  • Type any word in the text message box.
  • Use Siri to enable VoiceOver, a service meant for sight-impaired users.
  • Tap on the camera icon.
  • Invoke Siri with the iPhone’s home button and double-tap the phone’s screen at the same time (if it does not work, repeat many times).
  • When the screen becomes black, swipe your finger on the screen up to the top left corner, where VoiceOver will read aloud what you have selected. Keep swiping until VoiceOver reads “Photo Library.”
  • Double-tap on the screen to select Photo Library. This takes you back to the message screen, but there is a blank space in place of the keyboard, which is actually an invisible Photo Library.
  • Now swipe your finger up to have VoiceOver read aloud the characteristics of each photo.
  • Double-tap on a photo to display it and add it to the text box; you can then send it to any number.

The new passcode bypass method works on all current iPhone models, including iPhone X and XS devices, running the latest versions of the Apple mobile operating system, i.e., iOS 12 to 12.0.1.

Apple has yet to release a security patch, but you can mitigate the issue in the meantime by disabling Siri on the lock screen.

How to disable Siri

Go to Settings → Face ID & Passcode (Touch ID & Passcode on iPhones with Touch ID) and turn off the Siri toggle under “Allow access when locked.”

Disabling Siri on the lock screen reduces your iOS 12 experience, but it has to be done to prevent attackers from misusing the feature and breaking into your iPhone.
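For managed fleets the same setting can be enforced through an MDM Restrictions payload instead of a manual toggle. The script below is an added example, not part of the original article, and goes beyond it: it audits an exported configuration profile for the `allowAssistantWhileLocked` restriction. It assumes an unsigned `.mobileconfig`; the sample profiles, identifiers and UUIDs are constructed placeholders.

```python
import plistlib

RESTRICTIONS = "com.apple.applicationaccess"  # Apple's Restrictions payload type
SIRI_KEYS = ("allowAssistant", "allowAssistantWhileLocked")


def make_profile(restrictions):
    """Build a constructed, unsigned sample profile (placeholder identifiers and UUIDs)."""
    payload = {"PayloadType": RESTRICTIONS, "PayloadVersion": 1,
               "PayloadIdentifier": "example.restrictions",
               "PayloadUUID": "00000000-0000-0000-0000-000000000001"}
    payload.update(restrictions)
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadVersion": 1,
                           "PayloadIdentifier": "example.profile",
                           "PayloadUUID": "00000000-0000-0000-0000-000000000002",
                           "PayloadContent": [payload]})


def siri_blocked_when_locked(profile_bytes):
    """True if a Restrictions payload explicitly turns off Siri, or Siri while locked."""
    profile = plistlib.loads(profile_bytes)
    for payload in profile.get("PayloadContent", []):
        if not isinstance(payload, dict) or payload.get("PayloadType") != RESTRICTIONS:
            continue
        # Both keys default to true when absent, so only an explicit false counts.
        if any(payload.get(key) is False for key in SIRI_KEYS):
            return True
    return False


if __name__ == "__main__":
    samples = {
        "hardened": make_profile({"allowAssistantWhileLocked": False}),
        "key missing": make_profile({"allowCamera": True}),
        "explicitly allowed": make_profile({"allowAssistantWhileLocked": True}),
    }
    for name, data in samples.items():
        ok = siri_blocked_when_locked(data)
        print(f"{name}: {'OK' if ok else 'Siri reachable from lock screen'}")
```

A profile that omits the key is reported as exposed, because the restriction defaults to allowing Siri on the lock screen.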
