Security flaw gives hackers easy access to your iPhone contacts
With a new iPhone just around the corner, Apple’s iOS 13 is also getting ready to make its debut. The new operating system packs significant promise with its range of new features and stability improvements. But in regards to bugs and exploits, security researchers have made some discoveries about iOS 13 that have us more than a little concerned.
Upon deeper investigation into the beta versions of iOS 13, a researcher has discovered a critical security flaw that would allow anyone to bypass your screen lock and give instant access to your contacts, email addresses and more. What’s worse, the flaw completely ignores FaceID and doesn’t even require malware or hacking know-how to take advantage of.
If you’re already using the iOS 13 beta or were interested in making the switch once the latest edition of iOS is ready for download, here are the latest details on this zero-day discovery and what it means for privacy and security on your iPhone.
iOS 13 zero-day exploit lets anyone into your contacts
According to The Verge, security researcher Jose Rodriguez discovered an exploit that allows anyone with physical access to the phone to bypass the passcode lock and Face ID to access your contacts. Being that this glitch was discovered prior to its official release, it falls under the category of a “zero-day” exploit and is the first of such to be discovered in iOS 13.
Coincidentally, the same security researcher discovered a similar flaw last year on iOS 12, which used Facetime to bypass the lock screen in order to access the phone. Apple quickly patched the issue once it was made public.
For the latest exploit, all one needs to do to get into an iPhone is to activate a Facetime call and use Siri’s VoiceOver feature to access the contact list.
This somehow overcomes any of the built-in security found in iOS, rendering the need for a passcode or face recognition all but pointless. Once inside, a hacker would have complete access to the contact list of the victim’s iPhone, along with any data contained within like email addresses, phone numbers and physical addresses.
Is my phone at risk? Should I download the latest version of iOS when it’s released?
Thankfully, Rodriguez revealed that he had informed Apple about the exploit. Since then, he has noted that newer editions of the iOS 13 beta seem to have patched the issue.
Keep in mind, these are test releases and a final version of iOS 13 has not been pushed for developers to inspect. This “gold master” could still contain glitches, so it’s advisable, as always, to wait for the final release before downloading and installing it to your device.
This security flaw underscores the risks that come with downloading unfinished software like beta releases. At Komando.com, we will always advise our users to stay current with the latest versions of their respective operating systems for security reasons, but beta releases shouldn’t be taken into account as part of that advice.
Not only can they be buggy, as with the example above, but users will also tend to find their apps unresponsive or incompatible with unreleased software installed on their system.
Debugging is a natural part of the software release process, so rather than jump the gun and download the moment a beta is available, it’s always worth waiting for the official, bug-free release to make its debut. When it comes to your privacy and device security, patience is a virtue, indeed.
Tags: Apple, Apple iPhone, malware, operating systems