2 min read

Even with the latest iOS 12 update, your iPhone"s lockscreen is unsafe

Graham CLULEY

October 02, 2018

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Even with the latest iOS 12 update, your iPhone"s lockscreen is unsafe

Once again, a way of bypassing the iPhone’s passcode lock to expose users’ photos and contacts has been discovered.

Jose Rodriguez, who has uncovered vulnerabilities in iOS’s lock screen security on a number of occasions in the past, has produced a video demonstrating an (admittedly convoluted) way of accessing information on locked iOS devices that really should be out of bounds.

In a Spanish-language YouTube video published last week, Rodriguez revealed how it is possible for an attacker who has physical access to an iPhone running iOS 12 to partially unlock its contents, provided that Siri is enabled, and Face ID is either disabled or physically covered.

The complex, 37-step procedure exploits Siri and iOS’s VoiceOver accessibility feature to bypass a locked iPhone’s passcode check.

It did not take long for an English-speaking YouTuber to produce a video demonstrating the same technique on the iPhone XS Max, and crediting Rodriguez for the discovery.

Over the years there have been an embarrassing number of passcode bypass flaws found in iOS. It’s clear that, despite all of the incidents, Apple still hasn’t managed to properly secure its devices from attacks like this.

Watching the video, it’s clear that it’s quite a parlarver to go through the process of bypassing somebody’s passcode lock – but if you were determined enough (perhaps you wanted to spy on your suspicious partner’s activities?) you may well be prepared to go through with it.

Locked should mean really locked, and yet time and time again bypasses have been found which have shown that Apple’s security is not as tight as it should be.

If you worry that your supposedly locked iPhone might be vulnerable to future flaws then my advice is that you can increase your security by permanently disabling Siri from the lock screen.

To do that, go to Settings / Touch ID & Passcode, scroll down to the “Allow access when locked” section and ensure that Siri is disabled.

Yes, that might make your phone slightly less convenient. But security matters, right?

tags


Author



Right now

Top posts

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read
John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Israeli Authorities Seized Severs of Breached Company for Not Cooperating Israeli Authorities Seized Severs of Breached Company for Not Cooperating
Silviu STAHIE

July 04, 2022

1 min read
FTC warns LGBTQ+ community of extortion scams targeting them on dating apps FTC warns LGBTQ+ community of extortion scams targeting them on dating apps
Graham CLULEY

July 01, 2022

2 min read
OpenSea Breach Exposes 1.8 Million Email Addresses. How does it affect you? OpenSea Breach Exposes 1.8 Million Email Addresses. How does it affect you?
Radu CRAHMALIUC

June 30, 2022

3 min read