
Two Complex iOS 12 Passcode Bypasses Expose Contacts and Photos

iOS 12, the latest version of Apple’s mobile operating system, which was released in mid-September, is already facing a serious security problem. Apparently, someone has found a way to get around its lock screen security to access the device owner’s contacts, emails, phone numbers, and photos.

It is in fact a matter of two separate bypass exploits unearthed by a security researcher. One is a lock screen bypass, and the other is a Face ID and Touch ID bypass.

Complex Bypasses Discovered in iOS 12

Of course, if someone wants to exploit iOS 12’s lock screen, they will need to go through 12 steps in a specific sequence in order to view contacts, numbers and emails. In addition, there are 21 separate steps to view photos. This makes an attack complicated to accomplish, but a dedicated individual with enough time, the right set of instructions and physical access to the device would definitely go through the trouble.

The two complicated bypasses were discovered by Jose Rodriguez, and they are indeed difficult to perform. The steps involve the use of Siri, Apple’s VoiceOver screen reader feature and the Notes app. Both methods work on iPhones running iOS 12, including models with Face ID or Touch ID.


The researcher revealed the exploits in two separate videos in Spanish shared on his YouTube channel. The first video shows how a malicious user would be able to bypass Face ID and Touch ID security protocols.

First, Rodriguez activates VoiceOver through a Siri request. Then, he calls the target iPhone with a separate device and, with the call dialogue displayed, taps the “Message” button to create a custom text message, AppleInsider explained.

Once in Messages, Rodriguez moves the text selector to the “+” symbol, denoting the addition of another contact, then uses the secondary device to text the target iPhone, triggering a notification to appear. Double tapping the screen on the target iPhone while the notification is displayed appears to cause a conflict in the iOS user interface.

It should also be noted that the researcher confirmed to AppleInsider that the second device is required to carry out the bypass.

With the screen now blank, Siri is once again activated and quickly deactivated. The screen remains blank, but VoiceOver’s text selection box is seemingly able to access and navigate Messages’ user menu. Swiping back through the available options and selecting “Cancel” retrieves the original Messages screen, where a nefarious user can add a new recipient. Selecting a numeral from the soft keyboard brings up recently dialed or received phone numbers and contacts that contain metadata associated with that number.

From there, it is very easy to access the address book, provided that a displayed contact or number presents an “i” or info button next to the entry in question.

Disabling VoiceOver, again via Siri, and tapping on the “i” icon displays a contact’s information. Performing a 3D Touch gesture on the contact avatar brings up options to “Call,” “Message,” “Add to Existing Contact” or “Create New Contact.” Selecting the latter displays a full list of contacts.

Then, photos become retrievable by enabling VoiceOver and swiping down to Camera Roll on an unseen user menu, researchers explained.

The two bypasses are yet to be addressed in the latest iOS 12.1 beta.

To minimize the risk, users can disable Siri lock screen access in Settings > Face ID & Passcode or Settings > Touch ID & Passcode under the “Allow access when locked” heading. As for the second bypass, it can be circumvented by enabling password protection for Notes by navigating to Settings > Notes > Password.

Milena Dimitrova
