A new iOS 12.1 exploit means phone thieves can access all of your contacts with a couple taps
At least it requires the person to actually have possession of the phone.
Man, people just love breaking new stuff. Such is the case with iOS 12.1, as it has now been discovered that you can get into a person’s contacts on iOS 12.1 without any passwords, fingerprints, or severed heads to activate Face ID.
The vulnerability, discovered mere hours after Apple released iOS 12.1, involves using one of the new features associated with the update, group FaceTime calls. With it, you can gain access to the complete contacts list in someone’s phone.
How it works
Basically, you’re using Siri to let you into a FaceTime call while the phone is locked, then with airplane mode on, you start adding contacts to the call. With group FaceTime calls, you can either type a contact name in or you have the option to hit a little plus sign to search contacts.
Hitting the plus sign means you have full access to the person’s contact list.
If there is a silver lining here, it’s that this method and a previous one discovered in iOS 12.0.1, require the would-be hacker to have the phone in-hand. Even so, it is definitely troubling that access can be had so easily.
More about iOS 12.1
Released this week, iOS 12.1 introduces Group FaceTime calls, a bunch of new emoji, dual SIM control, and real-time depth control using the TrueDepth camera. To download the new, head to the Settings app under General > Software Update.
It seems like most new software releases feature some sort of bug, and while it’s easy to criticize a company for letting something through, it’s also good to remember that it is almost impossible to test everything in a controlled environment, it’s when it releases to the general public that the true stress-test begins.
What do you think of the exploit? Should Apple have done a better job with the update before releasing it? Let us know in the comments.
- The new T2 Security Chip from Apple means hackers will have a harder time eavesdropping
- Google’s user-created Emoji Minis are rolling out to users globally
- The new Apple Watch update is bricking some users’ devices