Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Identity & Access

iOS Lockscreen Bypass Abuses New Group FaceTime Feature

Just hours after Apple announced the availability of a new FaceTime feature in iOS, iPhone enthusiast Jose Rodriguez, known for his YouTube channel videosdebarraquito, found a way to bypass a device’s lockscreen by abusing the newly introduced functionality.

Just hours after Apple announced the availability of a new FaceTime feature in iOS, iPhone enthusiast Jose Rodriguez, known for his YouTube channel videosdebarraquito, found a way to bypass a device’s lockscreen by abusing the newly introduced functionality.

With the release of iOS 12.1, Apple rolled out a new feature called Group FaceTime, which allows users to add other people to their ongoing FaceTime call.

While the feature may be useful for many people, Rodriguez quickly discovered that it can be abused to bypass the passcode on iPhones and gain access to contact information saved on a device.

The hack is easy to carry out and it’s very reliable, unlike other methods discovered by Rodriguez recently, which involved tens of steps and often required multiple attempts to complete.

The attack starts with a phone call to or from the targeted device – Siri can be used to make a phone call to someone in the address book or a specified phone number. If the calling/called device has FaceTime, the hacker can switch the call to FaceTime and then select the “Add Person” option associated with the newly introduced group feature.

The device will prompt the attacker to select someone from the address book. While only contact names are displayed initially, the attacker can use 3D Touch – the feature that allows the device to distinguish between different levels of force being applied to the screen – to obtain additional information for each contact.

In the past years, Rodriguez identified numerous methods to bypass an iPhone’s lockscreen and gain access to contacts and photos stored on a device.

Advertisement. Scroll to continue reading.

He recently discovered several methods involving Siri and the VoiceOver accessibility feature. Apple has made multiple attempts to patch the bugs after Rodriguez found new variations. The most recent patch came on Tuesday, when Apple released iOS 12.1, but it’s clear that the hacker is very resourceful.

While some of these passcode bypass methods were patched with regular updates, Apple also rolled out iOS updates specifically to address Rodriguez’s hacks.

Related: iPhone 6s Lockscreen Bypass Allows Access to Photos, Contacts

Related: Multiple Passcode Bypass Vulnerabilities Discovered in iOS 9

Related:iOS Lockscreen Bypass Gives Access to Contacts, Photos

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Karl Triebes has joined Ivanti as Chief Product Officer.

Steven Hernandez has joined USAID as CISO and Deputy CIO.

Data security and privacy firm Protegrity has named Michael Howard as its CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.