Another vulnerability in iOS 12’s VoiceOver feature has been found — and it could allow attackers to bypass the Lock screen and view or send private photos.
The VoiceOver bug was discovered by Jose Rodriguez, an iPhone enthusiast and taxi driver who has become a rather prolific vulnerability hunter. Rodriguez posted a Spanish-language video detailing the exploit to his YouTube channel on Friday.
To carry out the exploit, an attacker would need extended physical access to their target iPhone, as well as another device.
The exploit itself takes about a dozen steps, and as mentioned earlier, exploits a vulnerability in the VoiceOver accessibility feature to bypass the Lock screen and view private photos. Attackers can then offload those private photos to another device rather easily.
How Does It Work?
Essentially, it works like this.
- An attacker calls the target iPhone from another smartphone or device. From the call pane on the target handset, they’d select Message and Custom to bring up a familiar iMessage screen.
- The would-be hacker would then invoke Siri to activate VoiceOver. When the attacker taps on the Camera icon in Messages, iOS will seemingly “break” and bring up a black screen.
- From here, it’s just a matter of hitting the Home button and using VoiceOver to “navigate” that blank screen until Siri says the attacker can select the Photo Library.
- With just a couple of additional steps, the attacking party can start “selecting” pictures in that Photo Library and paste them into the Messages field. That allows them to view the photos, as well as send them to basically any number.
What Should I Do?
It’s worth noting that Rodriguez discovered and publicized a similar but much more complicated vulnerability late last month. Apple patched that flaw with its recent iOS 12.0.1 update, and we expect the firm to do the same for this vulnerability.
Today’s bug seems to impact most recent iPhone models — including the iPhone XS and XS Max — running the latest software, up to the aforementioned iOS 12.0.1.
Until Apple addresses the vulnerability in a future update, you can take a few steps to protect yourself if you’re concerned about unauthorized access to your photos.
First, just make sure to keep tabs on your iPhone and don’t leave it unattended for too much time.
Otherwise, you can mitigate the bug by disabling access to Siri from the Lock screen. But it’s important to note this will inherently disable the useful iOS feature.
- Navigate to Settings
- Face ID & Passcode (or Touch ID & Passcode).
- Under the Allow access when locked header, make sure that the toggle next to Siri is disabled.