While iOS 12 is probably the best iteration of Apple's mobile operating system yet, a big mistake so far is security. On September 26, Videosdebarraquito discovered a password bypass that gave access to contacts and pictures from the lock screen. Apple has then patched the security error, but Videodebarraquito has detected a new one that affects all iPhone running iOS 12.1 and 12.1.1 beta.
October 30 Jose Rodriguez 's infamous YouTube Video Debarraquito Channel showed the initial bypass vulnerability with a demonstration on the new iOS 12.1 and iOS 12.1.1, this time taking advantage of Apple's new Group FaceTime feature.
In the video below we'll see it with just a few common inputs. Users can access the contacts on a locked iPhone if the iPhone is involved in a phone call – all by utilizing Group FaceTime. Unlike the bypass we showed last month, pictures can not be reached, at least not in the method shown here.
You can replicate the bypass yourself to see everyone else's contacts and their phone numbers and emails. All you need is the phone number of an iPhone running iOS 12.1 or 12.1.1. Just follow the steps below to get to the iPhone's full contact list with all the attached details:
- Call the locked iPhone.
- Pick up the call.
- Touch "FaceTime" on the Conversation Menu screen.
- Immediately press the ellipse (•••) in the bottom right (iOS 12.1) or swipe up the bottom panel (iOS 12.1.1).
- Tap "Add Person".
- Touch the (+) icon in the upper right.
- You now have access to all contacts on iPhone, including phone numbers, email accounts, addresses, and other contact information that can be stored.
If you want to try this bypass for yourself, do it quickly. We do not expect this bypass to be available for a long time. While it may seem like something Apple deliberately included in iOS 12.1 and 12.1.1, they probably meant to lock it behind face ID, voice ID, or password protection.