Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India

Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan

Credits: Gadget Hacks

Apple may pride itself on its commitment to user privacy and security, but it isn’t invulnerable. We now know there is a bug in the latest version of iOS 12 and in the iOS 12.1 beta that allows those in the know to bypass your passcode and access contacts and photos. This applies to both Face ID and Touch ID-enabled iPhones. Not only do we know about the bug itself, we know exactly how to exploit it.

On Sept. 26, the YouTube account Videosdebarraquito posted two videos (in Spanish) showing off how to bypass any iPhone locked by a passcode running iOS 12. This YouTuber is also the one responsible for discovering previous lock screen exploits. Soon after the new videos, tech channel EverythingApplePro made his own video (in English), based on the information exposed by Videosdebarraquito.

You can watch it right now below, but it’s a complicated procedure. To make it easier to understand, we have listed the steps necessary to exploit the security vulnerability underneath the video, so jump down to see them and follow along with the video.

View All Contacts & Their Numbers & Emails

  1. If Face ID is disabled, you’re ready. If it is enabled, cover the Face ID camera with tape. If it’s a Touch ID device, you’re already ready to go.
  2. Long-press the Side button to activate Siri. If it’s a Touch ID device, just long-press the Home button.
  3. Tell Siri to “enable VoiceOver.”
  4. Click the Side button to sleep the device.
  5. Using another iPhone, place a phone call or FaceTime call to the target iPhone.
  6. Single-tap the “Message” icon on the incoming call screen, then double-tap anywhere on the screen.
  7. Single-tap “Custom” on the list that appears, then double-tap anywhere on the screen.
  8. Single-tap the plus (+) icon in the top right to highlight it.
  9. On the other iPhone, send a text or iMessage to the target iPhone.
  10. Right when the notification appears on the target iPhone, double-tap anywhere on the screen to select the highlighted plus (+) icon underneath it.
  11. Wait until the screen goes white and the notification disappears.
  12. Single-tap on the screen to highlight an invisible option.
  13. Swipe left on the screen multiple times until you hear VoiceOver say “Cancel.” An invisible button will be highlighted underneath the notch, barely noticeable. It’s more obvious on a Touch ID device.
  14. Double-tap anywhere on the screen to select the “Cancel” option.
  15. Single-tap the numbers icon in the keyboard, then double-tap anywhere on the screen.
  16. Single-tap any number in the top row of the keyboard, then double-tap anywhere on the screen. You should now see all of the contacts that begin with that number. You can 3D Touch on them to see more of their contact details.
  17. If you see an info (i) button next to any of the contacts, single-tap on it, then double-tap anywhere on the screen. (We could not find any of our contacts with an (i) next to them, but you may have better luck.)
  18. Long-press the Side button to activate Siri. If it’s a Touch ID device, just long-press the Home button.
  19. Tell Siri to “disable VoiceOver.”
  20. Swipe up from the bottom of the screen to exit the Siri screen back to the contact page. If it’s a Touch ID device, simply click the Home button once.
  21. 3D Touch on the contact’s icon up top on their info page. A menu will appear with options such as “Call,” “Message,” and “Add to Existing Contact.”
  22. Single-tap “Add to Existing Contact.” You should now be able to see all of the contacts on the iPhone in order, unlike before when you could only see contacts based on the number you input.
  23. Single-tap any contact.
  24. Single-tap on the contact’s photo icon where it says “add photo,” then single-tap “Choose Photo” from the popup. You won’t actually be able to see any photos at this point.
  25. Long-press the Side button to activate Siri. If it’s a Touch ID device, just long-press the Home button.
  26. Tell Siri to “enable VoiceOver.”
  27. Swipe up from the bottom of the screen slowly until you feel a vibration, to exit the Siri screen back to the photos page (which looks like the contact page). If it’s a Touch ID device, simply click the Home button once.
  28. Swipe right multiple times on the screen until you hear “Camera Roll.”
  29. Double-tap anywhere on the screen to select the “Camera Roll” option.
  30. Single-tap on the screen where an image would normally appear.
  31. Double-tap anywhere on the screen to select the photo highlighted.
  32. Swipe left or right multiple times on the screen until you highlight the “Choose Photo” option.
  33. Long-press the Side button to activate Siri. If it’s a Touch ID device, just long-press the Home button.
  34. Tell Siri to “disable VoiceOver.”
  35. Swipe up from the bottom of the screen to exit the Siri screen back to the contact page. If it’s a Touch ID device, simply click the Home button once.
  36. Single-tap “edit” on the contact’s photo, then choose “Edit Photo” from the menu.
  37. You can now view the photo in high resolution, albeit with a translucent black around the main circle of the image selector.

As noted above in the instructions, to see the full contact list in order, as well as photos on the device, you’ll need to see the “i” button appear next to a contact in Step 16. If “i” isn’t present, you will only have access to the contact lists with that particular number in them.

As with most security-related bugs, we expect Apple to issue a software update as soon as possible. Make sure to check “Software Update” in the “General” settings often if you want to protect your iPhone from this bug. If you have iOS 12’s new “Automatic Updates” enabled, you’ll be all set.
