iOS 12.1 came out just a few days ago and it’s already creating headaches for Apple. A security researcher has found a serious bug which allows anyone to spy on your iPhone or iPad.
The worst part is how easy the process is. The attacker won’t even need any special tools to perform the hack, just physical access to the device. As seen in the video below, the first step involves long-pressing the Home button and invoking Siri. The hacker then has to ask the voice assistant to make a phone call.
Once the call begins, they have to switch to FaceTime. They then swipe up to open the Control Center and activate Airplane Mode. After this, they have to swipe down and tap on the “…” symbol on the right. This will slide open a new window where they can add another person.
iOS 12.1 Exploit
The iPhone then lets the attacker view your entire contacts list. Even worse, 3D Touch allows them to view even more information about a person including their number and email ID. All this is made possible in iOS 12.1 because Apple rolled out a new Group FaceTime feature which lets up to 32 people chat in a conversation.
On the one hand, you can see why Apple allows contacts to be pulled up directly from the lock screen. It’s a convenient way to add more people to a conversation without having to unlock the iPhone itself. On the other hand, it’s an easy way to bypass the lock screen and take a look at a user’s contacts and personal data.
The Verge also highlighted another video which demonstrates how to steal recent images from an iPhone via the iOS 12.0.1 build. Apple clearly has its work cut out for it to squash all these workarounds in future iOS versions.