iOS hacker Jose Rodriguez discovered a new obscure vulnerability in Apple’s iOS VoiceOver. The bug allows an attacker to gain access to a target’s photos. While the bug requires physical access to the target’s phone, it’s effectiveness raises concerns over the OS update.
iOS VoiceOver Vulnerability – The Story
According to AppleInsider, iOS hacker Jose Rodriguez discovered a bug in the new iOS’s VoiceOver function. The vulnerability, when utilized, allows an attacker to gain access to a target’s photos with relative ease.
While this particular hack requires the attacker to have physical access to the target’s phone, there’s nothing else that stands in an attackers way. Even though the attack requires the hacker to call the target’s phone first, the attacker can easily use Siri to get the target’s phone number and begin the hack.
You can see Rodriguez’s proof-of-concept video below:
Once the attacker calls the target phone, they can tap on the “Answer by SMS” option and then select the “Personalize/custom” option. The attacker has to type anything into the message and then ask Siri to activate VoiceOVer. Then, the attacker clicks on the camera icon and double-tap the screen while activating Siri.
This triggers the vulnerability, which will turn the target’s screen black and give the attacker access to the phone’s UI. Then, the attacker will be able to access the image library by simply swiping left.
By double-tapping on the photos, the images are added to the message, which can be sent to the attacker’s own phone.
iOS VoiceOver Vulnerability – How to Stay Safe
This isn’t the first Apple OS vulnerability this year. In fact, Apple’s new MacOS was found to have a serious zero-day vulnerability. Perhaps this is the year where Apple users stop falling for the myth of perfect Apple security? Well, one can only hope.
There are many ways you can secure your iOS 12 device, however, to counteract this particular vulnerability, you need to:
- Disable Siri’s lock screen access: As you can see from the proof-of-concept video, most of the attack relies on using Siri to access VoiceOver and to get the number of the target’s phone while the phone is locked. Disabling access to Siri from the lock screen obviously helps circumvent that. Here’s how to disable Siri’s lock screen access:
Settings > Face ID & Passcode or Settings > Touch ID & Passcode. Under the Allow Access When Locked field, toggle off Siri.
- Start paying attention to where you leave your phone: In other words, this vulnerability requires an attacker to have physical access to your phone. Even if you’ve locked your iPhone with a password, you’re still running the risk of physical hacks when you misplace your phone.
Honestly, with this particular vulnerability, these two tips should help you protect your iPhone. However, there are several tips and tricks you can use to keep your iOS 12 device secure at all times. You can check all of them out in this article.
If you want to also protect your iPhones from more traditional data-centered hacks, consider installing a VPN onto your phone. With a trusted and credible VPN, like ExpressVPN, you’ll be able to secure your data, keep your connection private, and add a level of anonymity to your internet experience.
iOS VoiceOver Vulnerability – Final Thoughts
So, iPhone users: Now is the time for you to start taking your mobile security seriously. Make sure to take all of the steps necessary to secure your information, and remember to keep tabs on the physical location of your devices. Let us know in the comments what methods you take to keep your iPhones secure, especially from all the new vulnerabilities popping up these days.