Yes, you should update your iPhone to iOS 12.1, but its lock screen is *still* unsafe

Graham CLULEY

October 31, 2018

Apple has released its first major update to iOS 12 – iOS 12.1 – bringing a host of new features to iPhones and iPads including dual SIM support, Group FaceTime, and for those who needed more of them in their life – 70 new emoji.

Apple is less keen to brag about the security fixes included in iOS 12.1, which include patches for vulnerabilities that could be exploited by maliciously crafted webpages and S/MIME messages, as well as a way to access photos and notes on a locked device.

That last problem was uncovered in late September by YouTuber Jose Rodriguez, who has a long track record of uncovering vulnerabilities in iOS, and demonstrating on his “videosdebarraquito” channel his convoluted methods of accessing private data held on iPhones and iPads.

Now, within minutes of Apple rolling out its latest iOS 12.1 update, Rodriguez has done it again – releasing a brand new video showing yet again just how an iPhone or iPad’s lock screen can be bypassed to see the phone’s complete contact list.

In the video, Rodriguez demonstrates how the passcode bypass bug appears to have been introduced by the new Group FaceTime feature. The first step of bypassing the lock screen is to either receive a phone call or ask Siri to make one on your behalf, and then change the call to a FaceTime conversation.

Once the call has switched to FaceTime, it is possible to access an iPhone’s full list of contacts by tapping “Add Person” even though the device is locked. Furthermore, even more details on contacts are available using iOS’s 3D Touch feature.

It does seem as though this particular bypass is comparatively simple, especially when compared to Rodriguez’s last discovery, which required a convoluted 37 steps to worm its way past a locked iPhone’s passcode check.

Maybe Apple should offer Rodriguez a job testing upcoming versions of their iOS operating system to see if he can find a way to break in. They would certainly find it less embarrassing to learn about these flaws before the software shipped.

If such privacy flaws concern you then my best recommendation is for you to follow the same advice I gave after Rodriguez last announced an iOS lock screen bypass:

Permanently disable Siri on your lock screen. Time and time again, Siri has been found to be at the root of many of Apple’s problems when it comes to securing its mobile devices from unauthorised access.

If you care about security, you’ll disable Siri on the lock screen by going to Settings / Touch ID & Passcode, scrolling down to the “Allow access when locked” section and ensuring that the feature is disabled.

Ultimately it’s your decision. Having Siri accessible via your lock screen may sometimes be convenient, but it is also a weak point in your iPhone or iPad’s security.
