This new hack requires much less effort than the previous one, as it leaves any iPhone user vulnerable to a distrustful partner, curious college, friend or roommate who could access your iPhone’s photo album and grab your private photos.
iOS 12.01 Vulnerability
A security researcher, Jose Rodriguez, discovered a passcode bypass vulnerability in Apple’s iOS 12 late last month. On the latest iOS 12.0.1, another bypass bug was also discovered.
With these vulnerabilities, anyone with physical access to your locked iPhone can access your photo album, select photos, and send them to anyone using Apple Messages.
The New Hack
The new passcode bypass requires about 10 steps to get executed, as follows:
- Call the target iPhone from any other phone (if you don’t know the target’s phone number, you can ask Siri “who I am,” or ask Siri to make a call to your phone number digit by digit).
- Don’t answer the call by picking it up, instead of tap on “Messages” (by default in iOS comes on) and tap on “Custom” to reply via text message.
- Type any word in the text message box.
- Ask Siri to enable VoiceOver, a service meant for sight-impaired users.
- Tap on the camera icon.
- Invoke Siri with the iPhone’s home button and at the same time double-tap the phone’s screen (it does not work then repeat many times).
- When the screen comes black, swipe your finger on the screen up to the top left corner where VoiceOver will read aloud what you have selected. Keep swiping until VoiceOver reads “Photo Library.”
- Double tap on the screen to select Photo Library. This will take you back to the message screen, but you’ll see a blank space in the place of the keyboard. It is actually an invisible Photo Library.
- Now swipe your finger up to VoiceOver read aloud the characteristics of each photo.
- Double-tap on a photo will display it while adding the picture to the text box, which you can then send to any number.
The new passcode bypass method works on all current iPhone models, including iPhone X and XS devices, running the latest version of the Apple mobile operating system, i.e., iOS 12 to 12.0.1.
No Solution Just Yet
Apple will need to come up with a security patch, but until then you can temporarily fix the issue by disabling Siri from the lockscreen.
Go to the Settings → Face ID & Passcode (Touch ID & Passcode on iPhones with Touch ID) and Disable Siri toggle under “Allow access when locked.”
Apple will address the issue in a software update to prevent this hack that allows attackers access to personal photos.
Original Article Found Here.