Locked iPhone Accessible

Monday, November 21, 2016 @ 03:11 PM gHale


There is a lockscreen bypass technique that can allow an attacker to gain access to iPhones and iPads.

The method requires physical access to the targeted device and Siri enabled on the lockscreen, researchers said.

RELATED STORIES
Mac App Keeps Recording
Attackers Leverage iOS WebView
Apple Plugs Xcode Holes
Apple Patches Vulnerabilities

The researchers founded the EverythingApplePro and iDeviceHelp channels on YouTube.

To get in an attacker needs to figure out the device’s phone number, which can easily end up obtained by asking Siri “Who am I?” from the lockscreen. Once Siri provides the number, the attacker initiates a voice or FaceTime call to the targeted device from another phone.

When the call comes in, the attacker presses the “Message” icon and selects the “Custom” option. The iPhone or the iPad will then display a “new message” screen. There is not much a user can do from this screen, but there is a “trick” where the attacker can use Siri to activate the “VoiceOver” accessibility feature, and then double tap and hold the “to” field in the “new message” screen and immediately tap on the keyboard until some new icons appear.

This part of the exploit is not very reliable — the double tap on “to” and the tap on the keyboard may need to be repeated several times until the new icons appear. The VoiceOver feature can then be disabled using Siri.

At this point, typing any letter from the keyboard will bring up contacts under that letter. By pressing the ⓘ icon associated with a contact, the attacker can access that contact’s information and they also get a menu that includes the “Create New Contact” option.

By creating a new contact and tapping the “add photo” icon, the attacker gains access to the targeted iPhone or iPad’s photo gallery. The device does remain locked the entire time, but the lockscreen bypass does provide access to contact details and photos.

The vulnerability appears to affect all versions of iOS starting from 8.0 and up to the latest 10.2.

Until Apple releases an iOS update that addresses the issue, users can protect themselves against this hack by disabling Siri on the lockscreen.



Leave a Reply

You must be logged in to post a comment.