Apple iOS 12 Reveals Data With Screen Lock Bypass Flaw
By: Jim Stickley and Tina Davis
October 17, 2018
Every so often, Apple releases a rather large upgrade for its iOS products. Recently, the company announced the latest and greatest version, iOS 12. And of course soon afterward, hackers, white and black hat, go to work furiously trying to find every single flaw. Well what do you know; at least one of them was successful. A researcher, Jose Rodriguez found one in the lock screen feature.
This isn’t the first time Mr. Rodriguez has found flaws in Apple’s new releases. He goes way back to version iOS 6. In fact, he has found no less than four major ones starting with that version.
Before we get into this flaw, just know that locking your screen, while very important and certainly recommended, doesn’t guarantee that your device will be secure if it gets stolen. Yes, definitely set it to automatically lock after a short period of time—the shortest possible. However, this particular issue goes to show that even locking the screen isn’t hacker-proof. You need to make sure to immediately wipe your device clean if it gets stolen. To a thief well versed (or even partially-versed) in thefts of this type, it may take them all of 20 minutes to crack that lock screen and have access to all of your information, according to Jim Stickley of Stickley on Security.
So you’re probably letting out a big sigh right now because you’re thinking, “What if I don’t realize it’s been stolen and I think I just misplaced it? Why do I need to wipe it clean.” Well, because you really don’t want all your data accessed, do you? You don’t want some thief going around charging his overpriced lattes with your Apple Pay account, right? So, to avoid this, just wipe it clean. If you do find it later, restore it from a backup. Yes, you should make sure and backup your devices either to a physical computer or to the cloud. At least backup your important stuff, like contacts and photos.
Rodriguez discovered that with two devices and a list of 16 steps, he could bypass that screen lock and get to the device’s information including contacts, photos, and emails. Unfortunately, this seems to be a pattern with new Apple iOS releases. They announce one, then immediately have to do an update because of flaws like this. To be safest, disable Siri when the screen is locked. Then, as soon as you see that familiar icon in the corner letting you know an update is available, apply it.