
Vulnerability in iOS 10 allows access to photos and SMS, bypassing the lock screen [video]

A very dangerous vulnerability has been found in iOS 10, now installed on most Apple mobile devices, that allows unauthorized access to the owner's personal data. The flaw lets almost anyone who picks up the iPhone or iPad view photos and read messages, bypassing the lock screen and Touch ID. The issue affects iOS 8 and later, including iOS 10.2 beta 3.

The loophole in the iPhone's protection was found by the author of the YouTube channel EverythingApplePro. With a few simple steps, an attacker can get into the Contacts app, and from there to the photo library and messages on the device.

To carry out the attack, one first needs to know the phone number of the iPhone's owner. To find it, ask Siri “Who am I?” from the lock screen.

Next, dial the number or initiate a FaceTime call. While the targeted iPhone is ringing, tap “Message” on its screen and choose the “Other” option in the menu that opens. Then give Siri the command to turn on VoiceOver.

The next step may fail the first time, so it will most likely have to be repeated several times. Double-tap the screen in the message recipient field, then hold and immediately tap the keyboard. A slide-in effect should then appear on the screen above the keyboard, at which point ask Siri to turn off VoiceOver.

The last step is to enter the first letter of a contact’s name, tap the “i” icon next to it and create a new contact. This gives access to photos. Messages can be read by simply selecting any of the contacts.


To protect an iPhone from this kind of attack, disable the ability to summon Siri from the lock screen. The vulnerability will likely be fixed in the final version of iOS 10.2. It may remain on the iPhone 4s with iOS 9.3.5, since Apple no longer releases updates for that version of the OS.
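
For managed devices, the same mitigation can be enforced and verified through a configuration profile. The following is an added example, not code from the article or from Apple: it checks whether an unsigned `.mobileconfig` explicitly disables Siri on the lock screen. It assumes the profile uses Apple's Restrictions payload (`com.apple.applicationaccess`) and its `allowAssistantWhileLocked` key; the sample profiles, identifiers and UUIDs are constructed.

```python
import plistlib

RESTRICTIONS_TYPE = "com.apple.applicationaccess"  # Apple Restrictions payload type
SIRI_LOCKED_KEY = "allowAssistantWhileLocked"      # Siri is allowed when the key is absent


def siri_blocked_on_lock_screen(profile_bytes: bytes) -> bool:
    """True only if a Restrictions payload explicitly sets the key to false."""
    profile = plistlib.loads(profile_bytes)
    for payload in profile.get("PayloadContent", []):
        if not isinstance(payload, dict):
            continue
        if payload.get("PayloadType") != RESTRICTIONS_TYPE:
            continue
        if payload.get(SIRI_LOCKED_KEY) is False:
            return True
    # Key missing or true: Siri can still be summoned from the lock screen.
    return False


def build_sample_profile(siri_while_locked):
    """Build a constructed, unsigned profile; pass None to omit the key entirely."""
    restrictions = {
        "PayloadType": RESTRICTIONS_TYPE,
        "PayloadIdentifier": "com.example.restrictions",         # constructed
        "PayloadUUID": "00000000-0000-0000-0000-000000000001",   # constructed
        "PayloadVersion": 1,
    }
    if siri_while_locked is not None:
        restrictions[SIRI_LOCKED_KEY] = siri_while_locked
    profile = {
        "PayloadType": "Configuration",
        "PayloadIdentifier": "com.example.lockscreen",           # constructed
        "PayloadUUID": "00000000-0000-0000-0000-000000000002",   # constructed
        "PayloadVersion": 1,
        "PayloadDisplayName": "Lock screen hardening (sample)",
        "PayloadContent": [restrictions],
    }
    return plistlib.dumps(profile)


if __name__ == "__main__":
    cases = [("hardened", False), ("explicitly allowed", True), ("key missing", None)]
    for label, setting in cases:
        blocked = siri_blocked_on_lock_screen(build_sample_profile(setting))
        print(f"{label}: Siri blocked on lock screen = {blocked}")
```

A profile that omits the key is reported as not hardened, because the restriction only takes effect when it is set to false.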
