Easy way to bypass passcode lock screens on iPhones, iPads running iOS 12
Credit to Author: Darlene Storm, Michelle Davidson| Date: Tue, 18 Sep 2018 11:16:00 -0700
With iOS 12 and iPhones that have Touch ID, you can still bypass the iPhone lock screen and trick Siri into getting into a person’s phone. The bypass is the same as it was in earlier versions of the operating system:
Siri then opens the cellular data settings where you can turn off cellular data.
As was the case before, anyone can do this. It doesn’t have to be the person who “trained” Siri.
By also turning off cellular, you cut off Siri’s access to cellular networks. You will get an error saying, “Siri not available. You are not connected to the internet.” But you don’t care about that error because you have already bypassed the iPhone lock screen. If the device is on a Wi-Fi network, however, that connectivity will remain.
Other privacy holes remain for Touch ID devices running iOS 12
Still an issue for iPhones that have Touch ID: Anyone can use Siri to read your new/unread text messages, send text messages, send email, and see your most recent phone call.
To do that, again prompt Siri to wake up using a finger not associated with the phone’s authentication. Then say, “Read messages,” and Siri will read any unread text messages from the lock screen. Say, “Send a text message [person’s name],” and Siri will let you dictate a message and send it. Say, “Show me recent calls,” and Siri will display your most recent phone call. Say, “Send an email to [person’s name],” and Siri will let you dictate an email and send it.
Apple patches privacy holes on iPhone X-series phones
Apple has patched the privacy hole with the iPhone X-series phones, which all use Face ID to unlock the phones. There is no way to force Siri to activate on these devices and let non-owners access text messages, phone call logs, email, or other apps.
Further, future iPhones will all have Face ID. Touch ID, while still supported on iPhones up to the iPhone 8 series, will not be included on new devices.
Lock down your privacy
Until Apple patches the privacy hole in iPhones that have Touch ID — or until you can upgrade to an iPhone X-series device — your best option is to disable Siri from the lock screen.
————————————–
With iOS 11, you can still bypass the iPhone lock screen and trick Siri into getting into a person’s phone. The bypass is the same as it was in the earlier version of the operating system:
Siri then opens the cellular data settings where you can turn off cellular data.
As was the case before, anyone can do this. It doesn’t have to be the person who “trained” Siri.
By also turning off Wi-Fi, you cut off her connectivity access. You will get an error saying, “Siri not available. You are not connected to the internet.” But you don’t care about that error because you have already bypassed the iPhone lock screen.
Other privacy holes remain
Also still an issue: Anyone can use Siri to read your new/unread text messages, send text messages and see your most recent phone call.
To do that, again prompt Siri to wake up using a finger not associated with the phone’s authentication. Then say, “Read messages,” and Siri will read any unread text messages from the lock screen. Say, “Send a text message [person’s name],” and Siri will let you dictate a message and send it. Say, “Show me recent calls,” and Siri will display your most recent phone call.
Facebook privacy hole closed
Apple has closed the hole that allowed you to command Siri to post to Facebook. Now, she tells you she can’t do it and gives you a button to open Facebook. You need to enter the passcode for the device to open the app.
Lock down your privacy
Until Apple patches the hole that lets you bypass the lock screen and let you command Siri, your best option is to disable Siri from the lock screen.
————————————–
Apple still has not patched the hole allowing you to bypass the iPhone lock screen. As of iOS 10.3.2 (and the 10.3.3 beta), you can still trick Siri into getting into a person’s iPhone.
It works like this:
Siri will then open the cellular data settings where you can turn off cellular data.
Anyone can do this—it doesn’t have to be the person who “trained” Siri.
By also turning off Wi-Fi, you cut off her connectivity access. You will get an error saying, “Siri not available. You are not connected to the internet.” But you don’t care about that error because you have already bypassed the iPhone lock screen.
Not only can someone trick Siri to turn off cellular data, but they can trick her to read unread text messages and post to Facebook—a major privacy issue.
To do it, again prompt Siri to wake up using a finger not associated with the phone’s authentication. Then say, “Read messages,” and Siri will read any unread text messages from the lock screen. Or say, “Post to Facebook,” and Siri will ask you what you want to post to Facebook.
We tested this with a staffer’s iPhone 7, with someone other than the iPhone owner giving the commands. Siri let the person right in.
While we wait for Apple to patch the hole, your best option is to disable Siri from the lock screen.
————————————–
There are multiple bypass vulnerabilities which could allow an attacker to get past the passcode lock screen on Apple devices running iOS 9.
The details for four different attack scenarios were disclosed by Vulnerability Lab. It’s important to note that an attacker would need physical access to the device to pull this off; that being said, the advisory says the hacks were successfully executed on iPhone models 5, 5s, 6 and 6s as well as iPad models Mini, 1 and 2 running iOS 9 versions 9.0, 9.1 and 9.2.1.
Security researcher Benjamin Kunz Mejri, who disclosed a different method for disabling the passcode lock screen on iOS 8 and iOS 9 about a month ago, discovered the flaws. Vulnerability Lab posted a proof-of-concept video showing multiple new ways for a local attacker to bypass the passcode in iOS 9 and gain unauthorized access to the device.
“Local attackers can use Siri, the event calendar or the available clock module for an internal browser link request to the App Store that is able to bypass the customer’s passcode or fingerprint protection mechanism,” the disclosure states. The attacks exploit vulnerabilities “in App Store, Buy more Tones or Weather Channel links of the clock, event calendar and Siri user interface.”
There are four attack scenarios explained in the disclosure and demonstrated in the proof-of-concept video; each begins on an iOS device with a locked passcode.
The first scenario involves pushing the Home button to activate Siri and asking her to open a non-existing app. Siri responds that you have no such app, but she “can help you look for it on the App Store.” Tapping on the App Store button opens a “a new restricted browser window.” Either select update and open the last app, or “push twice on the Home button” for the task slide preview to appear. Swipe over to the active front screen task and that bypassed the passcode lock screen on iPhone models 5, 5s, 6 and 6s.
The second scenario is similar, first pushing on the Home button for two seconds to activate Siri and then asking to open the clock app. Switch to world clock in the bottom module and tap the image for the Weather Channel LLC network; if the weather app is deactivated by default, then a new restricted browser window will open which has App Store menu links. Click update and open the last app, or tap twice on the Home button to get to task slide preview. Swipe over to the active front screen and voila – passcode lock screen bypassed again; this reportedly works on iPhone models 5, 5s, 6 and 6s.
The third attack scenario works on iPad model 1 and 2, but basically follows the same steps as scenario two to bypass the passcode and gain unauthorized access to the device.
The fourth way to bypass the lock screen passcode involves forcing Siri to open by pushing the Home button and asking her to “open Events/Calendar app.” An attacker could tap the “Information of Weather Channel” link which is found at the bottom of the screen next to the “Tomorrow module.” If the weather app is deactivated by default, then a new restricted browser window opens with App Store links. Tap update and open the last app, or push twice on the Home button to bring up the task slide preview. Swipe over to select the active front screen and the passcode on the lock screen is bypassed.
Although the Apple security team was reportedly notified on January 4, there are no dates listed in the vulnerability disclosure timeline for Apple responding or developing a patch. Vulnerability Lab proposed the following temporary solution for users to harden device settings: