New iPhone Bug Gives Anyone Access To Your Photos
A security enthusiast who discovered a passcode bypass vulnerability in Apple's iOS 12 late last month has now dropped another passcode bypass bug that works on the latest iOS 12.0.1 that was released recently.
Jose Rodriguez, a Spanish amateur security researcher, discovered a bug in iOS 12 in late September that allows attackers with physical access to your iPhone to access your contacts and photos.
The bug was patched in iOS 12.0.1, but he now discovered a similar iPhone passcode bypass hack that works in 12.0.1 and is easier to execute than the bug Rodriguez discovered and reported two weeks ago.
The new hack allows anyone with physical access to your locked iPhone to access your photo album, select photos and send them to anyone using Apple Messages.
Since the new hack requires much less effort than the previous one, it leaves any iPhone user vulnerable to a skeptic or distrustful partner, curious college, friend or roommate who could access your iPhone's photo album and grab your private photos.
Here's How to Bypass iPhone Lock Screen to Access Photos
The new passcode bypass requires about 10 steps to get executed, as follows:
• Call the target iPhone from any other phone (if you don't know the target's phone number, you can ask Siri "who I am," or ask Siri to make a call to your phone number digit by digit).
• Don't answer the call by picking it up, instead of tap on "Messages" (by default in iOS comes on) and tap on "Custom" to reply via text message.
• Type any word in the text message box.
• Ask Siri to enable VoiceOver, a service meant for sight-impaired users.
• Tap on the camera icon.
• Invoke Siri with the iPhone's home button and at the same time double-tap the phone's screen (it does not work then repeat many times).
• When the screen comes black, swipe your finger on the screen up to the top left corner where VoiceOver will read aloud what you have selected. Keep swiping until VoiceOver reads "Photo Library."
• Double tap on the screen to select Photo Library. This will take you back to the message screen, but you'll see a blank space in the place of the keyboard. It is actually an invisible Photo Library.
• Now swipe your finger up to VoiceOver read aloud the characteristics of each photo.
• Double-tap on a photo will display it while adding the picture to the text box, which you can then send to any number.
The new passcode bypass method works on all current iPhone models, including iPhone X and XS devices, running the latest version of the Apple mobile operating system, i.e., iOS 12 to 12.0.1.
Until Apple comes up with a security patch, you can temporarily fix the issue by disabling Siri from the lockscreen.
Here's how to disable Siri: Go to the Settings ? Face ID & Passcode (Touch ID & Passcode on iPhones with Touch ID) and Disable Siri toggle under "Allow access when locked."
Of course, disabling Siri would cripple your iOS 12 experience, but would prevent attackers from abusing the feature and breaking into your iPhone.
Meanwhile, just wait for Apple to issue a software update to address the new iPhone passcode bypass bug as soon as possible.
You Might Also Read:
![sic[!]sec](https://www.cybersecurityintelligence.com/files/logo/thumbnails/3062.jpg){kind=logo}
