iOS 12, a última versão do sistema operacional móvel da Apple que foi lançado em meados de setembro, já está enfrentando um problema de segurança grave. Pelo visto, someone has found a way to go around its lock screen security to access the device owner’s contacts, e-mails, números de telefone, e fotos.
It is in fact a matter of two separate bypass exploits unearthed by a security researcher. One is a lock screen bypass, and the other is a Face ID and Touch ID bypass.
Complex Bypasses in iOS 12 descoberto
Claro, if someone wants to exploit iOS 12’s lock screen, they will need to go through 12 steps in a specific sequence in order to view contacts, numbers and emails. além do que, além do mais, tem 21 separate steps to view photos. This makes an attack complicated to accomplish, but a dedicated individual with enough time, the right set of instructions and physical access to the device would definitely go through the trouble.
The two complicated bypasses were discovered by Jose Rodriguez, and they are indeed difficult to perform. The steps involve the deployment of Siri, Apple’s VoiceOver screen reader feature and the Notes app. Both of the methods are valid on iPhones running iOS 12, models with Face ID or Touch ID inclusive.
The researchers revealed the exploits in two separate videos in Spanish shared on his YouTube channel. In the first video it is revealed how a malicious user would be able to bypass Face ID and Touch ID security protocols.
Primeiro, Rodriguez activates VoiceOver through a Siri request. Então, he calls the target iPhone with a separate device and, with the call dialogue displayed, taps the “mensagem” button to create a custom text message, AppleInsider explicado.
Once in Messages, Rodriguez moves the text selector to the “+” símbolo, denoting the addition of another contact, then uses the secondary device to text the target iPhone, triggering a notification to appear. Double tapping the screen on the target iPhone while the notification is displayed appears to cause a conflict in the iOS user interface.
It should also be noted that the researcher confirmed to AppleInsider that the second device is required to carry out the bypass.
With the screen now blank, Siri is once again activated and quickly deactivated. The screen remains blank, but VoiceOver’s text selection box is seemingly able to access and navigate Messages’ user menu. Swiping back through the available options and selecting “Cancelar” retrieves the original Messages screen, where a nefarious user can add a new recipient. Selecting a numeral from the soft keyboard brings up recently dialed or received phone numbers and contacts that contain metadata associated to that number.
A partir daí, it is very easy to access the address book with the condition that a displayed contact or number presents an “i” or info button next to the entry in question.
Disabling VoiceOver, again via Siri, and tapping on the “Eu” icon displays a contact’s information. Performing a 3D Touch gesture on the contact avatar brings up options to “Ligar,” “mensagem,” “Add to Existing Contact” ou “Create New Contact.” Selecting the latter displays a full list of contacts.
Então, Photos become retrievable via enabling VoiceOver and swiping down to Camera Roll on an unseen user menu, pesquisadores explicaram.
The two bypasses are yet to be addressed in the latest iOS 12.1 beta.
To minimize the risk, users can disable Siri lock screen access in Settings > Face ID & Senha ou Settings > Touch ID & Senha debaixo de “Allow access when locked” título. As for the second bypass – it can be circumvented by enabling password protection for Notes by navigating to Settings > Notes > Password.