Apple’s iOS security team must be starting to feel as if they’re being besieged by security sleuth José Rodríguez.
In his latest YouTube proof-of-concept, the Spaniard demonstrates how an attacker with physical access to an Apple device running iOS 12.0.1 (including the latest X and XS models) can gain access to photos stored on it.
The bypass needs 13 steps and requires good timing but at the end of the process, photos can be extracted by selecting and sending them to any number.
Embarrassingly, Apple released iOS 12.0.1 last week to address a range of issues that had cropped up with iOS 12, including two separate lock screen bypass flaws publicised by Rodríguez in late September.
Admittedly, one of these was more serious because it allowed access to a device’s contacts, emails, telephone numbers, and photos, but at 37 steps it was also a lot trickier to pull off than his latest compromise.
The root cause of the issue is the same in all of these – namely using Siri to activate VoiceOver to perform certain tasks without having to unlock the phone.
VoiceOver is a vision accessibility feature that appeared in iPhone OS 3 (as it was then) in 2009.
While it’s true that researchers are always going to find unusual flaws from time-to-time, that one researcher has managed to uncover three in under a month is pretty special.
Rodríguez has form when it comes to finding lock screen bypasses, having discovered several others between 2013 and 2016.
The annoying thing for Apple is that one of iOS 12’s biggest draws when it launched in mid-September was supposed to be the way it tightened up security.
Apple will no doubt add the latest bypass to its fix list for the iOS 12.1 update later this month but until then mitigating the problem can be achieved by disabling Siri’s lock screen access: go to Settings → Siri & Search and turn off Allow Siri when locked.
Click on the tweet below to see what the relevant settings page looks like (6-second video):
There’s another iPhone lock screen bypass out and once again it needs Siri available - so locking up your lock screen is once again a smart move... pic.twitter.com/eVOzB6DjEJ— Naked Security (@NakedSecurity) October 16, 2018
Purists might conclude that perhaps Siri and the lock screen don’t work well because they are trying to do two incompatible things – lock the screen for security reasons while allowing this to be bypassed with voice commands.
Will Apple ever resolve the trade-off this involves? Apple’s iOS users must be starting to wonder.
3 comments on “New iPhone lock screen bypass exposes your photos”
No problem. I have Siri turned off.
I was going to put that in the video as an alternative but to many people (strangely IMO) that would be a step too far…
Thief: Siri, how do I access an iphone with the screen locked?
Siri: I found a page made this week on that subject. Would you like me to read it to you?
Their: Yes, can you use Alexi’s voice please?
Siri: I’m not talking to you.