Slashdot Mirror


iPhone XS Passcode Bypass Hack Exposes Contacts, Photos (threatpost.com)

secwatcher shares a report from Threatpost: A passcode bypass vulnerability in Apple's new iOS version 12 could allow an attacker to access photos and contacts (including phone numbers and emails) on a locked iPhone. The hack allows someone with physical access to a vulnerable iPhone to sidestep the passcode authorization screen on iPhones running Apple's latest iOS 12 beta and iOS 12 operating systems. Threatpost was tipped off to the bypass by Jose Rodriguez, who describes himself as an Apple enthusiast and "office clerk" based in Spain who has also found previous iPhone hacks.

Rodriguez posted a video of the bypass on his YouTube channel under the YouTube account Videosdebarraquito, where he walks viewers through a complicated 37-step bypass process in Spanish. Threatpost has independently confirmed that the bypass works on a number of different iPhone models including Apple's newest model iPhone XS. The process involves tricking Siri and Apple's accessibility feature in iOS called VoiceOver to sidestep the device's passcode. The attack works provided the attacker has physical access to a device that has Siri enabled and Face ID either turned off or physically covered (by tape, for instance).

23 comments

  1. NSA HAS THE GOODS ON KAVANAUGH NOW? by Anonymous Coward · · Score: 0

    Good. Goooood!

  2. well by bmimatt · · Score: 1

    The logical conclusion is that office clerks in Spain have too much time on their hands and tend to toy with iPhones while at work.

    1. Re: well by Anonymous Coward · · Score: 0

      For sure. 37 steps? Get a life dude.

  3. Phil left this out of his iPhone presentation by JoeyRox · · Score: 3, Funny

    "This is the best iPhone we've ever made...for anyone who wants to bypass our industry-leading secure enclave technology"

  4. Hacking Siri by mentil · · Score: 3, Insightful

    Seems even Siri is vulnerable to social engineering hacks. /s

    --
    Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
    1. Re:Hacking Siri by mentil · · Score: 3, Funny

      Luckily, as with all women, I turned off Siri when I first met her.

      --
      Corruption is convincing someone that the selfless ideal is the same as their selfish ideal.
    2. Re:Hacking Siri by Anonymous Coward · · Score: 0

      Luckily, as with all women, I turned off Siri when I first met her.

      Even luckier for me, my 'man-stink' turns them off before they even see me.

    3. Re:Hacking Siri by antdude · · Score: 1

      But Siri turns a lot of guys like Raj and me: https://www.youtube.com/watch?... ;)

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
  5. Re: TRUMP by TimMD909 · · Score: 1

    I appreciate your well thought out commentary on the current political climate. Obviously, you are wise beyond your years. It's also not opposite day.

  6. misleading a bit by paul_nz · · Score: 1

    iPhone XS is not the same as iOS 12

    1. Re:misleading a bit by Anonymous Coward · · Score: 0

      Exactly. This crappy code is on most iPhones at this point. Congrats apples. Great security.

  7. Not as simple as it seems. by mark-t · · Score: 1

    "...Use another iPhone and phone call or FaceTime call the target iPhone..."

    I don't think there's a way to identify what the phone number of a random iPhone is without unlocking it first, is there?

    1. Re:Not as simple as it seems. by Anonymous Coward · · Score: 0

      I guess you could just wait until someone calls the phone, and probably the owner will call their own phone at some point.

    2. Re:Not as simple as it seems. by functor0 · · Score: 2

      Can't you just take out the SIM card and read the phone number off of it?

    3. Re:Not as simple as it seems. by ole_timer · · Score: 1

      uh...no

      --
      nothing to see here - move along
  8. Missed naming opportunity by alvinrod · · Score: 2, Funny

    Apparently the XS wasn't "excess", but "access". Must be the Silicon Valley accent that threw me.

  9. Finally by Anonymous Coward · · Score: 0

    Glad to see that Microsoft finally released iOS 12.

  10. Re: TRUMP by Anonymous Coward · · Score: 0

    I feel like these false-flag posts are meant to portray those in opposition to the current ruling party in a negative light, and disrupt logical thought in general.

  11. apple is terrible at software. by Anonymous Coward · · Score: 0

    just terrible,
    It's kinda sad. But it's Apple so fuck them.

  12. How ODD. by Hallux-F-Sinister · · Score: 0

    I thought Apple was going to focus on internal improvements and making things better and more secure, not flashier and more exciting. Then they release the iPhone ECKS-ESS (and, I assume, ECKS-SMACKS, too,) and sure enough, it's new and flashy and emphatically NOT READY FOR PRIME TIME. Apple has all the credibility of a Google telling folks they're not evil at this point.

    Apple is really trying to see exactly how much crap their fans will take before leaving their ecosystem.

    --
    Our reign has gone on long enough. Indeed. Summon the meteors.
    1. Re: How ODD. by Anonymous Coward · · Score: 0

      You sir are a fuckwit. Keep trolling.

  13. XS? by OneHundredAndTen · · Score: 0

    This phone's price is XSessive. I guess so are its bugs.