Apple iOS 12 Users’ Photos And Contacts May Be Vulnerable

October 12, 2018 | June 3rd, 2022 | Cybersecurity

Jose Rodriguez, a Spanish Apple enthusiast, has discovered a new security flaw to be aware of. He posted a Proof of Concept video showing the exploit in action. 

We’ll say upfront that this is a highly convoluted attack involving more than two dozen discrete steps.  A hacker would need to be in possession of the phone to pull it off, so it’s not something that’s likely to become a major threat.

Even so, we’ll provide the details below.

Apple has built-in security measures that are designed to prevent someone from tricking Siri into allowing unauthorized access to the phone.  Unfortunately, by using a complex series of steps involving both Siri and Apple’s Notes application, it’s possible for a hacker to bypass those security measures, access images stored on the phone, and then change the image associated with a contact or the owner of the phone.

This method is effective on both iOS 12 and the iOS 12.1 beta, which means that Apple’s recent patch to their OS does not and will not prevent this exploit from working.  Worse, the company has yet to comment on the matter, so at this point, there’s no timetable for a fix.

The independent news site Threatpost has been able to replicate the attack, so we have third-party confirmation.

Fortunately, there’s a simple way to negate the attack entirely while we’re waiting for a patch to close the loophole once and for all.  Simply go to Settings – Face ID & Passcode – Touch ID & Passcode, and disable the “Allow access when locked” option for Siri.

Again, it’s important to reiterate that this is a highly complex attack that involves having both physical access to the device and more than two dozen steps, so this is not an issue that’s likely to be widespread.  Even so, it pays to take precautions until Apple can roll out a fix.

Chris Forte

Chris Forte, President and CEO of Olmec Systems, has been in the MSP workspace for the past 25 years. Chris earned his Master’s Degree from West Virginia University, graduating Magna Cum Laude. He was a past member of the Entrepreneurs’ Organization, a current member of the New Jersey Power Partners and Executive Association of New Jersey, where he has previously served on its board of directors. In his spare time, Chris enjoys traveling with his family. He also admits to being a struggling golfer and avid watcher of college football and basketball. He currently lives in Boonton Township, NJ with his wife, two daughters, son, and black lab Luna.