iOS 12.1 lockscreen bypassed hours after release, contacts accessed
Hours after iOS 12.1 started rolling out, security researchers flagged a major security hole, one that lets anyone access the contacts on an iPhone. The bug bypasses lockscreen security but requires physical access to the target device. Several users were able to replicate the bug, gaining access to the contact information on locked iPhones. Here are the details.
However, no other information is at risk
The exploit provides access to contacts, which makes phone numbers and emails accessible to the attacker. This can prove problematic for anyone who leaves their iPhone unattended in shared spaces. However, it is worth noting that this bug doesn't provide access to other personal information on the device such as photos or videos.
How the exploit works
iOS 12.1 brings a ton of new features, including the ability to hold Group FaceTime calls. The feature is pretty useful, but it is also the trigger of the exploit in question. Essentially, when a locked iPhone is called and Group FaceTime is activated, the person holding the device gets an option to add people, which provides access to contacts.
Backstory: Apple's history with lockscreen bypasses
While Apple is expected to fix the issue with a future update, it is not the first lockscreen bypass to have been discovered. In fact, just a few weeks back, security researchers flagged a bug that provided access to photos on an iOS 12.0.1 device. Similar issues have also been flagged on iOS 6.1, iOS 7, and iOS 8.1.