A security researcher has unearthed an exploit that allows hackers to bypass the lock screen on iOS 13. The exploit not only bypasses the lock screen but also gives access to all the contact information on the iPhone. If left unchecked, the exploit could allow anyone to access your private information without unlocking the device.
Jose Rodriguez discovered the exploit. He reported it to Apple on July 17th; however, the exploit still works on the Gold Master (GM) version of iOS 13, which will be released on September 19th. This is not the first time Rodriguez has discovered a lock screen exploit. Last year he uncovered an exploit that was similar in nature.
The previous exploit worked by activating a FaceTime call and then using Siri to gain access to the contact list. Once through, you will be able to access all the information in the stored contacts, such as email addresses, phone numbers, and address information.
That being said, you will not be able to access Photos, and the exploit works only on iOS 13 GM on iPhone X. In all cases, the threat actor uses the VoiceOver option to gain access. The researcher has found that the exploit can also be carried out on the iOS 13.1 betas, which will be made available on September 30th.
Our Take
Apple needs to take cognizance of the exploit and patch it as soon as possible. VoiceOver and virtual assistants are great when it comes to convenience; however, such features sometimes end up as a gateway for exploits. Security researchers have found a string of exploits that abuse the VoiceOver feature on iOS. We hope that a patch will put an end to this exploit on iOS 13.1.