Apple’s iOS 12 update includes a workaround that can allow a hacker to access a device’s photos and contacts without having the passcode to unlock it.
It does not, however, allow unauthorized users full access to the device, and executing the workaround isn’t exactly an easy thing to do. Security research Jose Rodriguez recently posted a Youtube video showing how to exploit a bug in Siri, the iPhone’s voice assistant with a relatively convoluted process (it either takes 16 or 37 steps, depending on what you’re trying to access).
The “hack” both requires physical access to the targeted iPhone and a second iPhone to call the target via FaceTime, Apple’s proprietary video chat functionality. In other words, it won’t work unless someone actually takes your phone.
While the ability to gain access to any data from a locked device is problematic, the vulnerability itself isn’t as severe as it could have been. A hack that could remotely access a device or that could grant a user full access would be closer to a doomsday scenario from a security perspective.
What makes it noteworthy is that the iPhone’s security has widely been touted as being rock-solid for a consumer device, enough so that it’s been the subject of controversy between law enforcement and government agencies and privacy advocates. Having an even moderate workaround for a trillion dollar company’s flagship device shows the extreme difficulty of making something fully secure.
The object lesson here is to be careful about the data you keep on your devices and what you store online, and never assume your data is 100% secure.
See the original video detailing the hack here.
