Apple’s Latest iOS Update – Yet Another Lock Screen Vulnerability

Last Tuesday, Apple released an update for iOS 12. The update was meant to fix vulnerabilities in iOS 12, but security researcher Jose Rodriguez quickly found a new one in it. Read on for the full story.

Apple’s Latest iOS Update – The Full Story

The iOS 12.1 update, which was released on Tuesday, was quickly found to have a vulnerability similar to one in iOS 12. What’s more, it was discovered by the very same security researcher, Jose Rodriguez.

On Wednesday, Rodriguez released a proof-of-concept video on YouTube. The video shows how someone can bypass an iPhone’s lock screen and get access to contacts and email addresses using Siri and FaceTime.

Here’s how the vulnerability works:

  1. The attacker activates Siri and asks Who am I? to get access to the target’s phone number.
  2. Pick up the call.
  3. Access FaceTime through the call menu screen.
  4. Enable airplane mode.
  5. Tap the (…) icon.
  6. Select Add Person.
  7. Select the (+) Icon.

This way, the attacker will gain instant access to all the saved contact information on the target’s phone.

Perhaps what’s most interesting about Apple’s latest iOS update is that it came with vulnerability fixes for the previously reported bugs.

Apple’s Latest iOS Update Vulnerability – How to Stay Safe

There is a long list of steps you can take to secure your iOS 12 device in general. For this vulnerability, however, there really is only one thing you can do to make sure that you’re not at risk.

Turn. Siri. Off.

Yup, as fun as having your own personal AI helper is, the whole vulnerability is moot if Siri isn’t active. In fact, Siri has been a security risk since 2013. You don’t need to have this feature active when your screen is locked.

Here’s how you can turn off Siri on iOS 12.1: Settings > Face ID & Passcode or Settings > Touch ID & Passcode. Under the Allow Access When Locked field, toggle off Siri.

  1. Go to Settings.
  2. Select Face ID & Passcode (or Touch ID & Passcode, depending on your device).
  3. Scroll to the Allow Access When Locked field.
  4. Toggle off Allow Siri When Locked.

That’s it. It’s a very simple security feature that Apple offers, even though it’s severely underrated. In general, it’s better to have Siri off when your phone is locked, as that limits how accessible your phone is when locked.
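
On managed devices, the same setting can be enforced through a configuration profile instead of relying on each user to flip the toggle. The following is an added example, not part of the original article: it audits an unsigned .mobileconfig for the Restrictions payload key allowAssistantWhileLocked, and the sample profiles and their identifiers are constructed placeholders.

```python
import plistlib

RESTRICTIONS_TYPE = "com.apple.applicationaccess"  # Restrictions payload type
SIRI_LOCKED_KEY = "allowAssistantWhileLocked"      # false = no Siri on the lock screen


def siri_blocked_when_locked(profile_bytes: bytes) -> bool:
    """True only if some Restrictions payload explicitly sets the key to false."""
    profile = plistlib.loads(profile_bytes)
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != RESTRICTIONS_TYPE:
            continue
        # A missing key leaves the default in place: Siri stays reachable when locked.
        if payload.get(SIRI_LOCKED_KEY, True) is False:
            return True
    return False


def make_profile(restrictions=None) -> bytes:
    """Build a constructed sample profile; all identifiers are placeholders."""
    content = []
    if restrictions is not None:
        content.append({
            "PayloadType": RESTRICTIONS_TYPE,
            "PayloadIdentifier": "com.example.restrictions",
            "PayloadUUID": "00000000-0000-0000-0000-000000000001",
            "PayloadVersion": 1,
            **restrictions,
        })
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadIdentifier": "com.example.profile",
        "PayloadUUID": "00000000-0000-0000-0000-000000000000",
        "PayloadVersion": 1,
        "PayloadContent": content,
    })


# Constructed samples: hardened, explicitly weak, key absent, no Restrictions payload.
HARDENED = make_profile({SIRI_LOCKED_KEY: False})
WEAK = make_profile({SIRI_LOCKED_KEY: True})
SILENT = make_profile({"allowCamera": True})
NO_RESTRICTIONS = make_profile()

if __name__ == "__main__":
    samples = {"hardened": HARDENED, "weak": WEAK, "silent": SILENT, "none": NO_RESTRICTIONS}
    for name, blob in samples.items():
        print(f"{name}: Siri blocked on lock screen = {siri_blocked_when_locked(blob)}")
```

A profile that omits the key is reported as not blocking Siri, because the restriction only takes effect when it is set to false explicitly.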

Latest iOS Update Vulnerability – Final thoughts

Dear iPhone users, I hope by now you’ve gotten the myth of the impenetrable OS out of your head. Make sure that you go through your security settings as thoroughly as possible. When it comes to this vulnerability specifically, prevention is your best option. Make sure that Siri can’t be accessed via your lock screen and that you always know where your phone is physically located.
