iPhone XS Passcode Bypass Hack Allows Access To Contacts, Photos
A passcode bypass method was discovered in Apple's latest operating system for its iPhone devices, iOS 12, that can allow access to contacts and photos on the smartphones. Jose Rodriguez, who describes himself as an Apple enthusiast based in Spain, posted a video last week of the complicated process required for the hack.
Rodriguez posted the video on his YouTube channel under the account name Videosdebarraquito, where he leads viewers through the 37-step bypass process in Spanish. In the video, he shows steps involving Siri, Apple's VoiceOver screen reader feature, and Notes application. He showed the method working on iPhones running the latest version of iOS, including models which have Face ID or Touch ID biometric security.
This method lets the hacker accessible images by editing a contact and changing the image linked with that contact. Apple had built in some security measures to stop precisely this from happening, but as can be seen in the video, Rodriguez found a way to get around those security barriers.
Threatpost, an independent news site, confirmed the bypass works on different iPhone models, including Apple’s latest model, the iPhone XS. There were other features that were accessible through this hack like access to the entire address book, making calls, and creating a custom text message.
In June, Matthew Hickey, an ethical hacker also discovered a similar passcode bypass. He ran a software which sent all passcode attempts ranging from 0000 to 9999 to the iPhone at once, instead of once at a time. The one-minute video showed that the iPhone got unlocked within seconds of running the software. He explained the brute-force attack — a method to gain access to anything that is password protected, as it tries various combinations of usernames and passwords again and again until it gets into the system — to ZDNet: "If you send your brute-force attack in one long string of inputs, it'll process all of them, and bypass the erase data feature."
At the time, Apple spokesperson Michele Wyman responded to Hickey's claim: "The recent report about a passcode bypass on iPhone was in error and a result of incorrect testing." The company did not say in any detail, however, why it disagreed with Hickey's findings.
In separate Apple news, some users are reporting problems with their new iPhone XS and iPhone XS Max, saying their devices didn't begin charging if the display screen was off when they were plugged into the mains. At the moment, the issue cannot be considered a huge drawback because of the lack of reports, but based on forum posts and YouTube videos, it appears to be valid. Some users speculated it could be the phone's inactivity making the charging cable unidentifiable, rather than the screen being off. Since charging is only disabled under specific conditions, it seems this could possibly be a software issue that Apple could fix with an iOS update.
Apple hasn't yet commented on either of these issues.