News

Bug in iOS 13 allows bypassing the lock screen and open the address book

Researcher Jose Rodriguez told The Register that the latest version of iOS 13 is vulnerable to the same type of lock screen bypass as previous versions.

Rodriguez discovered a bug that allows opening the address book without unlocking the device, back in July of this year, when iOS 13 was in beta.

Like other similar bugs, this problem requires physical access to the device.

“Bypassing the lock screen includes receiving a call and selecting to answer the call with a text message. After that you need to change the “to” field value for this message using the voice-over functionality”, – says Jose Rodriguez.

As a result, the “to” field provides access to the contact list of the device owner, thereby giving an attacker the opportunity to examine the victim’s address book without having to unlock the iPhone.

The attack in action can be seen in the video:

To prevent such an attack is quite easy, just turn off the ability to answer the call with a text message from the lock screen in the settings. Unfortunately, by default in iOS 13 this feature is active.

Read also: Deepfake financial fraud: $ 243 thousand stolen from company

Rodriguez told reporters that although this is not a critical bug, he still contacted Apple, informing the company about the vulnerability, and asked for some gift as a reward for his find. Moreover, the expert did not ask for a large monetary reward, it was a question of an Apple Store card with a face value of 1 dollar in order to save it as a trophy. At first, the companies agreed to thank the researcher, but later they told him that there would be no “prize”, since iOS 13 was in beta at that time, and the researcher was not thanked for an error found in beta.

The researcher emphasizes that the bug has not yet been fixed and works even in the latest builds of iOS 13, which should be released later this month.

Note that Rodriguez is far not the first who found such vulnerabilities in Apple products. The researcher has repeatedly found different ways to bypass the lock screen. For example, earlier similar bugs allowed accessing other people’s photos.
Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button