One more: iOS 12.1 breach gives contacts access

The spanish hacker Jose Rodriguez, YouTube channel owner videosdebarraquito, specializing in finding flaws in the iPhone Lock Screen and spreading them to the world like the one we talked about in late September, which was quite complex.

Now, with the arrival of iOS 12.1, a new video has been published exploring a breach of the new version of the operating system that equips iPhones, iPads and iPads touch more precisely, exploiting the new FaceTime feature as a group.

With it, even on the locked screen of the device you can have access to contacts. How? Simple. I mean, it's not that simple, but it's still possible: as the video above shows us, the loophole involves asking Siri to call a number / contact. After the call starts, I then need to touch the FaceTime button, access the Control Center, activate Airplane Mode, return the call interface and touch the “” button, then “Add person” and finally the “ + ”To access contact list.

It is interesting to note that the failure occurs on many iPhones, except those that do not have 3D Touch technology. This is because, when facing the contact list, I need to use 3D Touch technology to view the "card" with the contact information in question. So, in the case of iPhone XR or iPhones 6/6 Plus (and earlier), the most that the malicious person can see is just the names of the contacts.

As always, there is no need for us to leave desperate because of this failure. In addition to the malicious person having to have the victim's iPhone in their hands, Siri needs to be enabled on the Lock Screen (something you can change in seconds if you are concerned about the vulnerability by going to Siri and Search Settings and disable the "Allow When Locked" option).

Apple is already testing the first beta of iOS 12.1.1, and who knows, maybe in the next release, fix this problem.

via The Verge, AppleInsider