Exploit found on iOS 13 allows hacker to see your contacts even when your iPhone is locked
by Alan Friedman / Sep 13, 2019, 6:11 PM
Even though iOS 13 won't be released until September 19th, a security researcher named Jose Rodriguez has already posted a YouTube video (via The Verge) showing off an exploit he discovered on the next major build of Apple's mobile operating system. By making a FaceTime call and then enabling the Siri VoiceOver feature, an iPhone user can gain access to a phone owner's contacts list. That can provide the hacker with a list of phone numbers, email addresses, street addresses and more all without unlocking the device. The phone owner's photos are still protected. VoiceOver allows Siri to read the text that appears on an iPhone's display and is considered an accessibility feature for those who are blind or suffer from impaired vision.
iPhone X, The Verge was able to duplicate the screen lock bypass. Last year, Rodriguez discovered a similar exploit on iOS 12.1 that allowed hackers to not only access the phone user's contacts but his or her photos as well. Apple subsequently patched this issue in a later update. VoiceOver was also instrumental in yet another similar exploit that allowed hackers to view an iPhone user's contacts with iOS 8 installed.Rodriguez says that he sent Apple a video showing the vulnerability back on July 17th, but it still shows up in the Gold Master (GM) version of iOS 13 that will be disseminated next week. Using the GM version of iOS 13 on an
Like the exploit he discovered last year, the new iOS 13 vulnerability requires that the hacker get a hold of the target's iPhone long enough to complete the entire process. It also requires a second phone to initiate the FaceTime call with the target iPhone. Apple is expected to have this exploit patched in iOS 13.1, which should be rolled out starting on September 30th.
The video that Rodriguez sent to Apple can be found below.
Posts: 661; Member since: Feb 24, 2014
Safest OS, huh?
posted on Sep 13, 2019, 6:24 PM 27
Posts: 2389; Member since: Feb 14, 2011
To be fair, the information you can gain from this is probably just about as much information that you can gain from doing a basic Google or Facebook search. If it was able to access photos or messages then I would be more inclined to say this is bad. Also, it does require you to have physical access to the device and know what the number is for said device to be able to Facetime it. I'm not saying it's a good thing, but I also don't think it's fair to say that you're not safe to use the device.
posted on Sep 13, 2019, 9:40 PM 4
Posts: 44; Member since: Feb 12, 2013
Its so easy to prevent this from happen. Turn off internet connection. Asks apple, they will say the same thing
posted on Sep 13, 2019, 7:07 PM 5
Posts: 971; Member since: Oct 23, 2012
Don't worry, only a "small" number of users will be affected.
posted on Sep 13, 2019, 7:19 PM 10
Posts: 145; Member since: Nov 29, 2018
This is the bad effect of closed source code software. The security depends on the secrecy of the code. Closed source software is like a room without a window but with an open door hidden. Once a hacker found that door, it will efforlessly enter the room. Open source software otherwise is like a room with many doors and windows but reinforced with reliable security, and there is a huge community of security researchers and developers that will further strengthen it. And the diagnosis of the flaw as well as the cure is faster because of the largr number of devs contantly checking and improving the code.I am not against closed source software but on my own perspective as a developer, that is the advantage of open source. A good example is Bitcoin's software, an open source code which is reliable for cryptocurrency. And most of government agencies especially in the military uses linux over ms windows.
posted on Sep 14, 2019, 4:17 AM 0
Posts: 137; Member since: Jul 17, 2017
That’s why I don’t use Siri as most of exploits are done through that s**tty assistant...
posted on Sep 14, 2019, 4:19 AM 1
Posts: 1217; Member since: Mar 17, 2015
Apple has never been good at security. Before the iPhone their strategy was "security through obscurity". No one wanted to hack osx because it was such a small piece of the market. Not that hacks didn't exist. Ios and osx have been at the top of the list for most vulnerable oses for several years and so has Linux.
posted on Sep 15, 2019, 1:16 PM 0
Send a warning to post author
Send a warning to Selected user.
The user has 0 warnings currently.
Next warning will result in ban!
Ban user and delete all posts
Message to PhoneArena moderator (optional):