An iOS 13 Bug Exposes Device Contacts While Exploiting FaceTime Call

After the launch of iOS 12, a researcher discovered back-to-back lock screen bypass flaws in the system exploiting various features. Every glitch made it possible for an attacker to access device data. Now, when iOS 13 is nearing its release, the same researcher has highlighted a similar lock screen bypass bug in iOS 13 exposing device contacts.

Jose Rodriguez, a Spanish researcher known for evaluating iOS bugs, has discovered a bug in iOS 13. He found a lock screen bypass vulnerability in the upcoming iOS 13 exposing user’s contacts stored in the device.

specifically, the attack requires the attacker having physical access to the target device to make a FaceTime call to it. Then, instead of answering the call, the attacker can choose to respond via text message while selecting ‘Custom’ option. The next step then requires activating the VoiceOver feature and changing the ‘to’ field of the message via voice commands. Eventually, the device opens up the contact list to the attacker. Now, it becomes easy to siphon device contacts data including numbers, and email addresses.

The researcher has demonstrated the attack in the following video.

You Might Also Like