iOS Hacker Discovers Apple VoiceOver Exploit to Bypass Lock Screens
- Hacker Jose Rodriguez discovered an exploit in Apple’s VoiceOver app that is still unpatched.
- The exploit allows attackers the ability to bypass lock screens and gain access to devices.
- VoiceOver is a feature built into Apple’s platforms to help users with low vision, and dyslexia users access to devices using voice commands.
One of the best features of macOS and iOS is Apple VoiceOver. The feature was first introduced for macOS way back in macOS 10.4. It allowed users with visual impairments and dyslexia the ability to use voice commands to control their Apple devices using voice commands. The feature was then ported to the iPod shuffle and eventually to all modern iOS devices.
A hacker has managed to find an exploit that allows attackers access to iOS devices by exploiting VoiceOver. The exploit is still available and has not been patched yet. Amateur hacker Jose Rodriguez posted a video showcasing the exploit. If you want to avoid being exposed to the exploit, you can disable Siri lock screen access from Settings > Face ID & Passcode or Settings > Touch ID & Passcode under the “Allow access when locked” group of settings.
According to Rodriguez “the target iPhone first receives a phone call from an outside number, which triggers a standard iOS call dialogue. If the attacker does not know the target iPhone's number, they can acquire caller ID information by invoking Siri and asking the assistant to call their personal phone digit-by-digit.”
The bypass was discovered just two weeks after Rodriguez discovered two other VoiceOver exploits that allowed users access to a user’s photos and contacts. Unlike the other uncovered methods, the latest exploit allows hackers the ability to transfer photos from one iOS device to another in a few simple steps as showcased in the video. This is not the first security flaw Apple has to deal with this year, with a major Bloomberg report claiming that server technology belonging to companies like Apple and Amazon were infiltrated by Chinese military hackers earlier this year.
What do you think of the Apple VoiceOver exploit? Let us know in the comments below. Also, don’t forget to follow us on Facebook and Twitter. Thanks!