iOS 12.1 lock screen flaw lets anyone access your contacts

By

iPhone X Product Red Wallpaper
Beware this iOS 12.1 bug.
Photo: Ste Smith/Cult of Mac

If you’ve upgraded to iOS 12.1 already, you might want to be careful about where you leave your iPhone. It turns out that a new lock screen flaw lets anyone access your contacts without your passcode. The video below shows you how it’s exploited.

Apple’s software updates have gotten better recently in terms of stability — better than iOS 11 was, at least — but they aren’t perfect. There have been some serious issues that have left Apple Watch units bricked, and now another has been discovered in iOS 12.1.

The problem is specific to Apple’s latest release because it relies on a brand new feature: Group FaceTime.

Group FaceTime brings lock screen flaw

The flaw, discovered by Jose Rodriguez, lets you access a person’s contacts by starting a phone call, switching to FaceTime, and then adding more participants to the call. This causes iOS to present the contacts list, and you can then use 3D Touch to obtain more information.

Rodriguez’ video below shows how the trick works.

Apple obviously needs to do something to eliminate this problem. Forcing users to unlock their device before adding others to a call is one possible fix. But you shouldn’t worry too much about your contacts being exposed.

If no one else has access to your device, there isn’t an issue. And if you’re really worried, you can disable Siri activation from the lock screen — which would prevent this trick from working — by going into Settings, then Siri & Search, then choosing Access When Locked.

Via: PhoneArena