Exploit found on iOS 13 allows hacker to see your contacts even when your iPhone is locked



Even though iOS 13 won't be released until September 19th, a security researcher named Jose Rodriguez has already posted a YouTube video (via The Verge) showing off an exploit he discovered on the next major build of Apple's mobile operating system. By making a FaceTime call and then enabling the Siri VoiceOver feature, a person holding the iPhone can gain access to the phone owner's contacts list. That can provide the hacker with a list of phone numbers, email addresses, street addresses and more, all without unlocking the device. The phone owner's photos are still protected. VoiceOver allows Siri to read the text that appears on an iPhone's display and is considered an accessibility feature for those who are blind or suffer from impaired vision.

Rodriguez says that he sent Apple a video showing the vulnerability back on July 17th, but it still shows up in the Gold Master (GM) version of iOS 13 that will be disseminated next week. Using the GM version of iOS 13 on an iPhone X, The Verge was able to duplicate the screen lock bypass. Last year, Rodriguez discovered a similar exploit on iOS 12.1 that allowed hackers to not only access the phone user's contacts but his or her photos as well. Apple subsequently patched this issue in a later update. VoiceOver was also instrumental in yet another similar exploit that allowed hackers to view an iPhone user's contacts with iOS 8 installed.

Like the exploit he discovered last year, the new iOS 13 vulnerability requires that the hacker get hold of the target's iPhone long enough to complete the entire process. It also requires a second phone to initiate the FaceTime call with the target iPhone. Apple is expected to have this exploit patched in iOS 13.1, which should be rolled out starting on September 30th.

The video that Rodriguez sent to Apple can be found below.


19 Comments

1. Rocket

Posts: 673; Member since: Feb 24, 2014

Safest OS, huh?

2. lyndon420

Posts: 6824; Member since: Jul 11, 2012

If it connects to the internet it can be hacked...despite the wishful thinking of PA's apple elite.

8. gadgetpower

Posts: 283; Member since: Aug 23, 2019

Apple’s beta is 13.1 already.

9. Dr.Phil

Posts: 2448; Member since: Feb 14, 2011

To be fair, the information you can gain from this is probably just about as much information that you can gain from doing a basic Google or Facebook search. If it was able to access photos or messages then I would be more inclined to say this is bad. Also, it does require you to have physical access to the device and know what the number is for said device to be able to Facetime it. I'm not saying it's a good thing, but I also don't think it's fair to say that you're not safe to use the device.

3. irwan92

Posts: 47; Member since: Feb 12, 2013

It's so easy to prevent this from happening. Turn off internet connection. Ask Apple, they will say the same thing.

10. Vokilam

Posts: 1278; Member since: Mar 15, 2018

You can just disable Siri from lock screen if you’re worried. But seriously, did you see the steps you have to take? And the info you gain is so useless. If this is the worst I’m not worried at all.

13. TheOracle1

Posts: 2336; Member since: May 04, 2015

"Turn off internet connection." Yeah and turn it into a $1,000 feature phone.

4. blingblingthing

Posts: 976; Member since: Oct 23, 2012

Don't worry, only a "small" number of users will be affected.

12. oldskool50 unregistered

The usual 9?

18. Vokilam

Posts: 1278; Member since: Mar 15, 2018

Are you the same person that downplayed note 7 fiasco? What was it?... only 23 reported? LOL. Such hypocrisy.

5. Venom

Posts: 3722; Member since: Dec 14, 2017

Smh, Apple should have been on top of this especially if you were warned about it.

6. Vancetastic

Posts: 1567; Member since: May 17, 2017

Well, oops.

7. OneLove123

Posts: 1189; Member since: Aug 28, 2018

Lies!?!?

11. scarface21173

Posts: 700; Member since: Aug 17, 2014

Apple use the security thing as a marketing sell. It's a load of tosh and we all know it.

14. koioz

Posts: 164; Member since: Nov 29, 2018

This is the bad effect of closed source code software. The security depends on the secrecy of the code. Closed source software is like a room without a window but with an open door hidden. Once a hacker finds that door, they will effortlessly enter the room. Open source software otherwise is like a room with many doors and windows but reinforced with reliable security, and there is a huge community of security researchers and developers that will further strengthen it. And the diagnosis of the flaw as well as the cure is faster because of the large number of devs constantly checking and improving the code. I am not against closed source software, but from my own perspective as a developer, that is the advantage of open source. A good example is Bitcoin's software, an open source code which is reliable for cryptocurrency. And most government agencies, especially in the military, use Linux over MS Windows.

15. slashas

Posts: 143; Member since: Jul 17, 2017

That’s why I don’t use Siri as most of exploits are done through that s**tty assistant...

16. cmdacos

Posts: 4264; Member since: Nov 01, 2016

Agree, I've deleted all Apple apps that can be deleted and disabled most Apple services like Siri, iCloud, etc. Just wish you could set up without an Apple ID.

17. Plutonium239

Posts: 1232; Member since: Mar 17, 2015

Apple has never been good at security. Before the iPhone their strategy was "security through obscurity". No one wanted to hack OS X because it was such a small piece of the market. Not that hacks didn't exist. iOS and OS X have been at the top of the list for most vulnerable OSes for several years and so has Linux.

19. sissy246

Posts: 7124; Member since: Mar 04, 2015

Where are the top 7 fanboys now, lol. Nothing is safe ever. I guess if you keep it off it is, lol.
