iOS 12.1 lockscreen security flaw can expose your contacts list, here's how to protect yourself
by Plamen Dimitrov / Nov 01, 2018, 5:34 AM
Apple's software updates for the iPhone, iPad, and Apple Watch have been out for a couple of days, and so far, the rollout isn't exactly going smoothly. The company had to pull WatchOS 5.1 after receiving reports that the update bricked certain Apple Watch Series 4 units, and now, it appears that some issues have slipped into the latest version of iOS as well.
A lockscreen security flaw that is specific to iOS 12.1 has been discovered by Jose Rodriguez. On October 31, the YouTuber uploaded a video showing how the lockscreen passcode on an iPhone can be bypassed to gain access to the owner's contact list via Siri.
Asking the voice assistant to make a phone call and then switching to FaceTime lets an attacker use the new group FaceTime feature to add more people to the call. From there, the user's complete contact list is exposed, and malicious parties can even use 3D Touch to get more info on people on the list.
Keep in mind that this exploit requires the attacker to have physical access to your phone, so we recommend that you don't leave it unattended. Apple will most likely address the issue soon, but if you want an immediate fix, just disable the activation of Siri from your lock screen. This is done by going to Settings -> Siri & Search -> Access When Locked.
Posts: 697; Member since: Jan 30, 2017
The most secure OS in the WORLD!
posted on Nov 01, 2018, 5:36 AM 13
Posts: 2293; Member since: Feb 14, 2011
And yet every Android not running the latest Pie is subject to a pretty major security flaw that would affect you even more since you don’t need physical access. https://bgr.com/2018/09/01/and
posted on Nov 01, 2018, 8:12 AM 2
Have you even read the article? Apart from the information being not that important (mostly network data like MAC and DNS and such), it only works for apps installed on your phone. Since an app doesn't install itself, you do need physical access. Doesn't mean it isn't an issue, but it's not a biggie. Having said this, I don't consider this iOS flaw big either, since they will patch it soon anyway.
posted on Nov 02, 2018, 5:42 AM 0
Posts: 3099; Member since: Apr 15, 2016
Every new update is just fixing bugs that shouldn't be there in the first place, while adding new bugs that will get fixed in the next update. And sheeple will still be bragging about how iOS always releases updates every now and then.. Monthly stable and bug-free update > Weekly bugged update with a chance of bricking device.
posted on Nov 01, 2018, 5:57 AM 7
Posts: 22; Member since: Jan 13, 2016
That's when you see that those full roll-outs are dangerous and, even though they don't have a good image with the end-user, the staged roll-outs that Google does are much better for avoiding those kinds of bugs hitting everyone.
posted on Nov 01, 2018, 6:06 AM 0
Posts: 3098; Member since: Jan 23, 2014
Yeah sure, the Pixel series has been such a successful, bug-free release. Nigg* please.
posted on Nov 01, 2018, 7:48 AM 4
Posts: 653; Member since: Nov 13, 2012
Meh, I disabled Siri the moment I activated my iPhone, so nothing to worry about. Besides, why update immediately? I always wait a week or two to see what exploits are up and decide whether it is viable or not to update.
posted on Nov 01, 2018, 8:28 AM 0