THE iOS 13 will be released this Thursday (19/9), but if you think that the new mobile operating system from Apple does not present (or did) any «security breach», it may be better to reconsider.
Unlike malware and spyware (which helps hackers break into devices to collect information from users), there is a more «handy» way to bypass iOS’s defense systems and access certain information from a device – which we’ve already mentioned a few times .
Once again, the Spanish hacker Jose Rodriguez pointed to a new iOS flaw that makes it possible to access contact data from iPhones; this time, however, the problem affects the new version of the OS on the eve of its release to the general public.
The “technique” used by Rodriguez to exploit the loophole is similar to that demonstrated by him in the failure involving iOS 12.1. As it is possible to see in the video above, to circumvent the iOS 13 lock screen and access the contact data of an iPhone, this device must receive a call to be able to access the Messages app; from there, he “plays” with Siri to activate / deactivate the VoiceOver feature until he sees the device’s contacts.
When viewing a specific contact’s card, it is possible to obtain email addresses, address information in addition to a person’s own number. Both the AppleInsider how much The Verge reproduced the above procedure and said that the version Golden Master (GM) of iOS 13 still has the flaw, but the problem seems to have been solved in iOS 13.1, which is already in the third test version and will be released later this month (9/30).
Although potentially invasive, for this process to be successfully completed, physical access to the iPhone and some time are required for all steps to be carried out; moreover, the attacker must know your number / email in order to make a call (or a FaceTime call) to your device.
Still, if you have a flea behind your ear in situations like this, know that you can protect yourself against this type of invasion by disabling Siri on the locked screen (Settings »Touch ID / Face ID and Code» Siri), making it impossible for the person to turn on VoiceOver, and so on.
