While iOS 12 is probably the best reiteration of Apple's mobile operating system, security is a big mistake so far. On September 26, Videosdebarraquito discovered a passcode bypass that displayed contacts and photos on the lock screen. Apple has now fixed this security bug. Videosdebarraquito, however, has discovered a new device that affects all iPhones with the iOS version iOS 12.1 and 12.1.1.
On October 30 Jose Rodriguez deployed the infamous video debraquito channel YouTube showed the initial bypass vulnerability with a demo on the new iOS 12.1 and iOS 1
In the following video we see this with only a few normal inputs. Users can access the contacts of a locked iPhone when that iPhone is on a call – all by using Group FaceTime. Unlike the workaround we showed last month, photos can not be accessed, at least not in the method shown here.
You can self-replicate the bypass to see almost all contacts and their phone numbers and emails. All you need is the phone number of an iPhone with iOS 12.1 or 12.1.1. Simply follow the steps below to access the entire contact list of the iPhone with all attached details:
- Access the locked iPhone. The remaining instructions are to be executed on the locked iPhone.
- Take the call.
- On the call menu screen, tap FaceTime.
- Tap immediately on the ellipse (•••) in the lower right corner (on iOS 12.1) or swipe up on the top of the control panel (iOS 12.1.1).
- Touch Add Person.
- Touch the (+) icon on the top right.
- Now have access to all contacts on the iPhone, including phone numbers, e-mail accounts, addresses and other stored contact information.
If you want to try this bypass for yourself, do it fast. We do not expect this bypass to be available for a long time. While it appears to be something that Apple purposely included in iOS 12.1 and 12.1.1, it should be intended to lock it behind the Face ID, Touch ID, or passcode security.