Security Researchers Lockscreen Bypass in Apple iOS 12.1
- Apple released the latest iOS 12.1 update earlier this week.
- An exploit in the update has been discovered that allows individuals to bypass the lock screen.
- Using the exploit, users can gain access to contacts and use FaceTime without a passcode.
Apple recently patched iOS to block GrayKey from being used to bypass the lockscreen in iOS devices. However, with the latest iOS update (v12.1) being pushed out earlier this week, security researchers discovered a new lockscreen bypass that allowed limited access.
Bypassing the iOS 12.1 lockscreen using the newly discovered method can allow attackers access to contact information as well as FaceTime access with full call access without a passcode. The newly discovered exploit works only on iOS 12.1 and was discovered within hours from the release of the update.
The exploit was discovered by security researcher Jose Rodriguez from Spain. He contacted various tech news outlets to reveal his findings and also posted a video demonstrating the procedure. The exploit lies in Group FaceTime which was released in iOS 12 to allow up to 32 users in a video chat. According to Rodriguez "In a passcode-locked iPhone with latest iOS released today Tuesday, you receive a phone call, or you ask Siri make a phone call (can be digit by digit), and, by changing the call to FaceTime you can access to the contact list while adding more people to the Group FaceTime, and by doing 3D Touch on each contact you can see more contact information.”
The exploit has been confirmed to be working by many after it was shared online. Just like many of the previously discovered exploits, attackers need physical access to devices to perform the bypass. It does leave a cause for concern when using iPhones or iPads in public places, or when law enforcement wants to break into devices.
Apple is yet to release a statement about the exploit, and a patch is most likely in the works. This is not the first time a lockscreen bypass has been discovered. Some of the discovered exploits go all the way back to iOS 6.1. If you have not updated your Apple device to iOS 12.1 yet and are concerned about your security, feel free to wait until Apple patches out the exploit.
What do you think about the Apple lockscreen exploit? Let us know in the comments below. If you could share the article online, it would also be great so others can find it too. Come chat with us on Facebook and Twitter.