iOS 13 Security Flaw Allows Hackers Access To Stored Contact Information, Said Researcher

Every new version of an operating system promises improved experience and features.

The same goes for iOS 13 from Apple, which competes with Android 10 from Google. After Apple unveiled the mobile operating system and announced it alongside the iPhone 11 lineup, a report shows that iOS 13 has a flaw that could be dangerous.

This is according to security researcher Jose Rodriguez.

In his report, he said that iOS 13 has a bug that makes it possible for hackers to bypass lock screen protection and access all stored contact information, including email addresses, phone numbers, and addresses, on a target iPhone 11, and potentially other iPhones with iOS 13.

On September 13, Rodriguez tweeted his finding.

Like any security issue, this iOS 13 bug should be taken seriously. However, not all exploits are equal.

The first thing to know about this bug is that it requires attackers to have physical access to the target iPhone. In other words, the attack cannot be initiated remotely and isn't a straightforward process.

So for most iPhone owners, this should not be much of a worry.

Second, even if attackers get their hands on the target iPhone, they still need to place a call or a FaceTime session from another phone and then carry out a series of relatively complex responses.

According to Apple Insider, "Once the call is placed, the call recipient must opt to respond with a custom message rather than answer the call."

VoiceOver is then apparently turned off using Siri: "Following the toggling of VoiceOver, the user can add to contact field, which allows you to see the contact information of any contact in the phone."

What this means is that the iOS 13 bug cannot be exploited easily.

To completely prevent this kind of attack, at least before Apple issues a fix, The Register suggests that iPhone users should take precautions, including "disabling 'reply with message' in your iDevice's Face ID & Passcode settings."

The setting for this can be found under the 'allow access when locked' section. This feature is enabled by default on iOS 13.

And because the report further states that Apple was informed of this security flaw by Rodriguez in July but a fix won’t be available until the end of September, it can be concluded that all iPhone 11, 11 Pro and 11 Pro Max phones have this vulnerability at their initial release.

Apple has had similar issues in the past, going back to the iPhone 6 series.

Hackers could exploit a lock screen bypass which gave access to not only contacts but also photos on iPhones. Through this, hackers could even bypass the passcode and Touch ID to get into iPhones.

On iOS 12, a similar issue was found, where a lock screen bypass involving a FaceTime call could allow attackers access to stored contacts.