Highlights: Researcher Jose Rodriguez told The Register that the latest iOS version 10 is vulnerable to the same kind of lock screen bypass as was detected in previous iOS versions.
According to the latest report, Mr Rodriguez has discovered a bug that allows the address book to be opened without unlocking the device. He found the bug in July this year, when iOS 13 was in its beta (testing) phase.
Like other such bugs, this one requires physical access to the device. Here’s the researcher’s statement:
“Bypassing the lock screen includes receiving a call and selecting to answer the call with a text message. After that you need to change the ‘to’ field value for this message using the voice-over functionality,” says Jose Rodriguez.
As a result of this bug, the “to” field provides access to the device owner’s contact list, giving an attacker the opportunity to examine the victim’s address book without unlocking the device. The researcher has also suggested a way to prevent such an attack: turn off, in the settings, the ability to answer a call with a text message from the lock screen. In iOS 13, this feature is unfortunately active by default.
According to Rodriguez, although the bug is not very critical, he still reported it to Apple and asked the company for a gift as a reward for finding it. He did not ask the company for a large monetary reward; it was just a question of an Apple Store card with a face value of 1 dollar to keep as a trophy. Initially, the company agreed to thank the researcher, but officials later said there would be no prize because iOS 13 was in beta when the bug was detected, and the researcher was not thanked at all for finding the error in the beta phase.
The researcher also said that the bug has not been fixed so far and still works with the latest builds of iOS 13, which should be released later this month.