2 min read

Even with the latest iOS 12 update, your iPhone"s lockscreen is unsafe

Graham CLULEY

October 02, 2018

Even with the latest iOS 12 update, your iPhone"s lockscreen is unsafe

Once again, a way of bypassing the iPhone’s passcode lock to expose users’ photos and contacts has been discovered.

Jose Rodriguez, who has uncovered vulnerabilities in iOS’s lock screen security on a number of occasions in the past, has produced a video demonstrating an (admittedly convoluted) way of accessing information on locked iOS devices that really should be out of bounds.

In a Spanish-language YouTube video published last week, Rodriguez revealed how it is possible for an attacker who has physical access to an iPhone running iOS 12 to partially unlock its contents, provided that Siri is enabled, and Face ID is either disabled or physically covered.

The complex, 37-step procedure exploits Siri and iOS’s VoiceOver accessibility feature to bypass a locked iPhone’s passcode check.

It did not take long for an English-speaking YouTuber to produce a video demonstrating the same technique on the iPhone XS Max, and crediting Rodriguez for the discovery.

Over the years there have been an embarrassing number of passcode bypass flaws found in iOS. It’s clear that, despite all of the incidents, Apple still hasn’t managed to properly secure its devices from attacks like this.

Watching the video, it’s clear that it’s quite a parlarver to go through the process of bypassing somebody’s passcode lock – but if you were determined enough (perhaps you wanted to spy on your suspicious partner’s activities?) you may well be prepared to go through with it.

Locked should mean really locked, and yet time and time again bypasses have been found which have shown that Apple’s security is not as tight as it should be.

If you worry that your supposedly locked iPhone might be vulnerable to future flaws then my advice is that you can increase your security by permanently disabling Siri from the lock screen.

To do that, go to Settings / Touch ID & Passcode, scroll down to the “Allow access when locked” section and ensure that Siri is disabled.

Yes, that might make your phone slightly less convenient. But security matters, right?

tags


Author



Right now

Top posts

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read
Mobile security threats: reality or myth?

Mobile security threats: reality or myth?

June 13, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands
Graham CLULEY

July 23, 2021

3 min read
Homoglyph domains used in BEC scams shut down by Microsoft Homoglyph domains used in BEC scams shut down by Microsoft
Graham CLULEY

July 22, 2021

3 min read
China Sets Up New Worrying Vulnerability Disclosure Rules China Sets Up New Worrying Vulnerability Disclosure Rules
Silviu STAHIE

July 20, 2021

1 min read