The Hacker News reported that iOS 13 will ship containing a vulnerability that is known to Apple. The flaw allows anyone with access to your phone to bypass the lockscreen, gaining access to some sensitive information.
The Hacker News spoke with Jose Rodriguez, the security researcher who discovered this flaw. He said it allowed him to access the full list of Contacts on his iPhone, and all information related to each contact.
Rodriguez says he discovered the flaw in the iOS 13 beta and reported it to Apple on July 17. However, Apple, which recently attacked Google for revealing several security flaws, saying “iOS security is unmatched because we take end-to-end responsibility for the security”, has failed to correct the bug.
According to Rodriguez, the bypass still works on the Gold Master version of iOS 13, which will be rolling out to everyone on September 19. Well done, Apple. The users of iOS should now feel great confidence that your security is unmatched.
The bug allows anyone with physical access to the iPhone to access the full list of stored Contacts, and the detailed information for each, including names, phone numbers, and emails, using nothing more than a FaceTime call. This short video shows just how easy this vulnerability is to execute.
This flaw, as demonstrated by the above video, doesn’t require developer knowledge or special hardware. Average users could quite easily leverage this vulnerability. While it’s very clear Apple shouldn’t be bragging about iOS security, maybe the iPhone maker could have saved ICE the 35 million they paid to Cellebrite for tools to hack into phones.
What’s more, this latest lockscreen bypass hack is similar to one Rodriguez found last year in iOS 12.1 that used the iPhone’s built-in VoiceOver feature. So not only did Apple not fix the problem, they have nearly repeated an issue and ignored someone from whom warnings should carry real gravitas.
H/t The Hacker News. Header image by amendch.
Mason Pelt is a guest author for Internet News Flash. He’s been a staff writer for SiliconANGLE and has written for TechCrunch, VentureBeat, Social Media Today and more.
He’s a Managing Director of Push ROI, and he acted as an informal adviser when building the first Internet News Flash website. Ask him why you shouldn’t work with Spring Free EV.
ALWAYS the case where Apple use their iSheeple as testers. Nothing new here, happens EVERY time.
All iPhones older than the iPhone 6S plus won’t receive iOS 13. That means iPhone 5, 6/6s/6s Plus will remain stuck on iOS 12 forever, and begin accumulating unfixed bugs and security issues from the point iOS 13 is released…and iOS 13 will be released on the 13th of this month.
So if you don’t have money to buy an iPhone 7 or higher then you’re stuck with the unfixed bugs and security issues. Same bugs they’ll release. Start buying or saving for a new iPhone.
As long as I remember back to the past 8 years, it always was like this: release day software always prepackaged with known bugs. So you had better wait 1 more week for the .0.1 that fixed those known issues and delivered new unknown ones. Apple is a marketing company, not tech.
I’m sure knowingly releasing this flawed build to the public may lead to interesting cases, apart from damaging their image.
In a “hold my beer” move YouTube did the same thing about 20 hours later.
https://www.politico.com/story/2019/09/25/youtube-ceo-politicians-break-content-rules-1510919