iOS 13 Bug Lets You Access Contacts Without Unlocking Your Phone

A new bug discovered in iOS 13 has a major privacy flaw. The bug was first reported by Jose Rodriguez, who reported the issue to Apple in July, but the bug still works on the Gold Master (GM) version of iOS 13, which is expected to be released on September 19.

The Verge reports that this new bug allows users to exploit an issue with the lockscreen, allowing them to bypass having to unlock their phone and access the full list of Contacts on the phone, as well as the details for each individual contact — that includes the names, phone numbers, emails, etc.

Rodriguez shared a video demoing the exploit in action, and it seems to use a FaceTime call to activate VoiceOver, and then using Siri to get access to the Contacts list:

The exploit was confirmed to be working in the iOS 13.0 GM release, but Apple seems to have addressed the issue in iOS 13.1 betas, which is expected to arrive for the public on September 30.

The exploit would require physical access to a phone, but it is still a major security flaw in iOS that puts your privacy at risk. This also wouldn’t be the first time in the recent months where Apple has shipped versions of iOS with major privacy flaws.

Tagged with

Share post

Conversation 13 comments

  • navarac

    13 September, 2019 - 7:37 am

    <p>Not a good start.</p>

  • Stooks

    13 September, 2019 - 8:01 am

    <p>It is still in Beta right?</p>

    • SvenJ

      Premium Member
      13 September, 2019 - 8:04 am

      <blockquote><a href="#465498"><em>In reply to Stooks:</em></a><em> </em>13 or 13.1? Answer To both is, yes. But 13 is what is on new phones that are already in boxes.</blockquote><p><br></p>

  • SvenJ

    Premium Member
    13 September, 2019 - 8:12 am

    <p>It does require physical access to the phone, which means prying it from the hands of most Apple users. And the fix is already out in beta. </p>

  • dontbeevil

    13 September, 2019 - 8:53 am

    <p>it's a feature!</p>

    • MikeGalos

      13 September, 2019 - 11:14 am

      <blockquote><em><a href="#465525">In reply to dontbeevil:</a></em></blockquote><p>Now, now. Let's be fair. This time Mehedi didn't have a headline actually saying that. </p>

      • dontbeevil

        13 September, 2019 - 3:35 pm

        <blockquote><em><a href="#465574">In reply to MikeGalos:</a></em></blockquote><p>agree</p>

      • dontbeevil

        14 September, 2019 - 12:52 pm

        <blockquote><em><a href="#465574">In reply to MikeGalos:</a></em></blockquote><p>""<em>Every year, some pretentious tech blogger has to remind his tech-infatuated (and probably Apple-loving) readers that there’s an Android update problem.</em>"</p><p><br></p><p>using Paul quote, we could say</p><p><br></p><p>"<em>Every year, some pretentious tech blogger has to remind his tech-infatuated (and probably Apple-loving) readers that’s a feature and not a bug</em>"</p>

  • anoldamigauser

    Premium Member
    13 September, 2019 - 9:31 am

    <p>So the plan would be to skip the update to 13.0 and wait for 13.1 to be released.</p>

  • jimchamplin

    Premium Member
    13 September, 2019 - 12:14 pm

    <p>Pretty hard to be super worried, since it means someone has to actually steal your phone to do it. Then exploiting what they learn means opening themselves up to be caught in a felony theft. </p>

  • ivarh

    Premium Member
    14 September, 2019 - 2:05 am

    <p>This is not exactly what qualifies as a serious privacy issue. If this is serious how would a bug where someone could access a complete icloud accounts content be?</p><p><br></p><p>Also this and all the other similar bugs accessed via the lockscreen is that they require siri access from the lookscreen to be turned on and use some sort of either timing issue or accessibility feature. If the worry that someone that gains physical access to your phone can access your private data turn off siri access while phone is locked.</p><p><br></p><p>I't is rather fun (and tragically for apple) that apple seem unable to fix this problem since it keeps reoccurring every now and then. Something tells me they need to rewrite the lock screen software completely rather than patching specific problems as they are found.</p>

  • sandy

    Premium Member
    15 September, 2019 - 9:22 pm

    <p>The concern is Apple keep reintroducing bugs like this one.</p><p>Google Project Zero's recent blog about that set of iOS bugs which allowed complete takeover of an iPhone revealed some really shoddy code which suggests Apple doesn't ensure code changes go through QA before being released, and that's the real concern because that bad process is guaranteed to introduce security vulnerabilities.</p>

Newsletter

Stay up to date with the latest tech news from Thurrott.com!

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Thurrott © 2023 BWW Media Group