iOS 13 Bug Lets You Access Contacts Without Unlocking Your Phone

Posted on September 13, 2019 by Mehedi Hassan in Apple, iOS, Mobile with 12 Comments

A new bug discovered in iOS 13 has a major privacy flaw. The bug was first reported by Jose Rodriguez, who reported the issue to Apple in July, but the bug still works on the Gold Master (GM) version of iOS 13, which is expected to be released on September 19.

The Verge reports that this new bug allows users to exploit an issue with the lockscreen, allowing them to bypass having to unlock their phone and access the full list of Contacts on the phone, as well as the details for each individual contact — that includes the names, phone numbers, emails, etc.

Rodriguez shared a video demoing the exploit in action, and it seems to use a FaceTime call to activate VoiceOver, and then using Siri to get access to the Contacts list:

The exploit was confirmed to be working in the iOS 13.0 GM release, but Apple seems to have addressed the issue in iOS 13.1 betas, which is expected to arrive for the public on September 30.

The exploit would require physical access to a phone, but it is still a major security flaw in iOS that puts your privacy at risk. This also wouldn’t be the first time in the recent months where Apple has shipped versions of iOS with major privacy flaws.

Tagged with , ,

Elevate the Conversation!

Join Thurrott Premium to enjoy our Premium comments.

Premium member comments on news posts will feature an elevated status that increases their visibility. This tab would allow you to participate in Premium comments with other premium members. Register to join the other Premium members in elevating the conversation!

Register or Subscribe

Join the discussion!

BECOME A THURROTT MEMBER:

Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate

Register