Supposedly, Jose Rodriguez has just found a method which triggers iOS 12.1 lock screen bypass by exploiting the group Facetime feature.
Rodriguez says, this bypass does not necessarily require using Siri, unlike the previous passcode bypass methods for iOS 12.
How does the screen lock bypass work?
According to Rodriguez, invoking the newly introduced Group FaceTime feature in the iOS 12.1 could allow an attacker to access user contacts. To exploit this bug, the attacker must have physical access to the device.
All it takes for an attacker is to call the target iPhone from any other iPhone, and invoking Group FaceTime after the call connects. The Group Facetime is the latest feature for the popular app.
Group FaceTime allows video chats with as many as 32 contacts. It means the feature involves access to the contacts stored on the device. That’s where the glitch resides. An attacker can simply tap “Add Person” from the menu, and then click on the “+” icon in the next screen. This is it! The entire contacts list now becomes exposed to the attacker. From here, the attacker can easily access further details for each contact by simply tapping individual contacts.
Here is the video shared by Jose Rodriguez to demonstrate the exploit.
What Apple needs to do about latest screen lock bypass
The recent iOS 12.1 lock screen bypass method comes right after the release of the updated iOS. Although, Apple has patched the previous passcode bypass bugs in this version. The current vulnerability is still awaiting a patch.
The new exploit specifically works for iPhones as it involves FaceTime. Almost all iPhone models running the iOS 12.1 are vulnerable to this attack method. What’s more worrying is that, at present, no workaround is available for the vulnerability.
What users can do to stay safe
- Update security patch as soon as it becomes available across iPhones.
- Keep your devices with you at all times.
- Uninstall Facetime if there’s no need for it.