Just hours after Apple announced the availability of a new FaceTime feature in iOS, iPhone enthusiast Jose Rodriguez, known for his YouTube channel videosdebarraquito, found a way to bypass a device’s lockscreen by abusing the newly introduced functionality.
With the release of iOS 12.1, Apple rolled out a new feature called Group FaceTime, which allows users to add other people to their ongoing FaceTime call.
While the feature may be useful for many people, Rodriguez quickly discovered that it can be abused to bypass the passcode on iPhones and gain access to contact information saved on a device.
The hack is easy to carry out and it’s very reliable, unlike other methods discovered by Rodriguez recently, which involved tens of steps and often required multiple attempts to complete.
The attack starts with a phone call to or from the targeted device – Siri can be used to make a phone call to someone in the address book or a specified phone number. If the calling/called device has FaceTime, the hacker can switch the call to FaceTime and then select the “Add Person” option associated with the newly introduced group feature.
The device will prompt the attacker to select someone from the address book. While only contact names are displayed initially, the attacker can use 3D Touch – the feature that allows the device to distinguish between different levels of force being applied to the screen – to obtain additional information for each contact.
In the past years, Rodriguez identified numerous methods to bypass an iPhone’s lockscreen and gain access to contacts and photos stored on a device.
He recently discovered several methods involving Siri and the VoiceOver accessibility feature. Apple has made multiple attempts to patch the bugs after Rodriguez found new variations. The most recent patch came on Tuesday, when Apple released iOS 12.1, but it’s clear that the hacker is very resourceful.
While some of these passcode bypass methods were patched with regular updates, Apple also rolled out iOS updates specifically to address Rodriguez’s hacks.
Related: iPhone 6s Lockscreen Bypass Allows Access to Photos, Contacts
Related: Multiple Passcode Bypass Vulnerabilities Discovered in iOS 9
Related:iOS Lockscreen Bypass Gives Access to Contacts, Photos
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Intel Boasts Attack Surface Reduction With New 13th Gen Core vPro Platform
- Dole Says Employee Information Compromised in Ransomware Attack
- High-Severity Vulnerabilities Found in WellinTech Industrial Data Historian
- CISA Expands Cybersecurity Committee, Updates Baseline Security Goals
- Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
- Organizations Notified of Remotely Exploitable Vulnerabilities in Aveva HMI, SCADA Products
- Waterfall Security, TXOne Networks Launch New OT Security Appliances
- Hitachi Energy Blames Data Breach on Zero-Day as Ransomware Gang Threatens Firm
Latest News
- Intel Co-founder, Philanthropist Gordon Moore Dies at 94
- Google Leads $16 Million Investment in Dope.security
- US Charges 20-Year-Old Head of Hacker Site BreachForums
- Tesla Hacked Twice at Pwn2Own Exploit Contest
- CISA Ships ‘Untitled Goose Tool’ to Hunt for Microsoft Azure Cloud Infections
- Critical WooCommerce Payments Vulnerability Leads to Site Takeover
- PoC Exploit Published for Just-Patched Veeam Data Backup Solution Flaw
- CISA Gets Proactive With New Pre-Ransomware Alerts
