So What Is This Security Flaw In iOS 13 That Everyone Is Talking About? Here Are The Details.

Last night I wrote that Apple had released iOS 13 despite the fact that a security flaw was present and unpatched that allowed someone with physical access to the phone to bypass the lock screen and get access to contact info on an iPhone. What’s worse is that this was reported in July, but Apple didn’t bother fixing it in iOS 13 before it shipped yesterday. The only good news is that it is fixed in iOS 13.1, which is due for release next Tuesday, and which every user of iOS should update to the second that it becomes available.

So, how do you pull this off? Here’s a video that shows the process:

In short, what this guy did is start a FaceTime call and then access the VoiceOver feature from Siri to enable access to the contact list. You can then obtain email addresses, phone numbers, address information, and more from the list of contacts. I have replicated this on an iPhone running iOS 13 and it is very easy to do.

It’s also very easy to protect yourself. You just need to go to Face ID & Passcode settings -> Allow access when locked and toggle off the Reply with Message option. If you’ve already updated to iOS 13, you should go do that now to protect yourself. As in right now.
