Apple Lock

The day after iOS 12.1 was released, a researcher disclosed a new passcode bypass method that allows you to easily view the phone numbers and email addresses of a device's contacts even when the device is locked.

When a iOS device is locked, you are not supposed to be able to access the device's contact list without first unlocking the phone. Unfortunately, a researcher has discovered a ridiculously easy way to bypass this security policy in order to access a user's contacts.

Discovered by security researcher Jose Rodriguez, to view the phone numbers and email addresses of a locked iOS 12.1 device, you can follow these steps:

  1. Use Siri to call a phone number.
  2. When the person you are calling answers the phone, click on the FaceTime button to initiate a FaceTime call.
  3. While the FaceTime call is being negotiated, swipe up on the screen and enable Airplane mode. Then swipe down so you are back at the FaceTime screen.
  4. Click on the circle with the ... () in it
  5. At the next screen, click on the + Add Person .( ) option.
  6. At the Add Person screen, start typing to see the contacts and their information auto-populate in the search list. To see all the contact information for a particular user, you can search for their full name.

To demonstrate this passcode bypass, Rodriguez create a YouTube video showing how easy it is to see a device's contact information.

As always, the best way to protect your phone from bugs like this is to always have it in your possession and not leave it around for others to access.

Related Articles:

iSH - An iOS Linux Shell for Your iPhone or iPad

Apple Fixes Creepy FaceTime Vulnerability, Crash Bug in macOS, and More

Apple Releases Security Updates for iOS and iCloud, Fixes Passcode Bypass

Roaming Mantis Group Testing Coinhive Miner Redirects on iPhones

macOS Mojave Privacy Bypass Flaw Allows Access to Protected Files