- Tram Ho
Apple has just officially released iOS 15, and a security hole surfaced very quickly.
Security researcher Jose Rodriguez published a video of the vulnerability not long after Apple released the latest iOS, detailing how he was able to bypass the lock screen on iPhones running iOS 15 (and iOS 14.8) to access the Notes app.
Fortunately, this is not a remotely exploitable vulnerability; it requires direct, hands-on manipulation of the device to work.
In the video, with the iPhone locked, Rodriguez asks Siri to activate VoiceOver. He then pulls down the Control Center and taps Instant Notes, which lets users quickly jot down a note without unlocking the iPhone. Then, Rodriguez opens the Control Center again, this time opening the Clock app.
From there, Rodriguez taps on certain areas of the screen while the timer app is open, but VoiceOver describes the actions of the Notes app. Finally, he can access a saved note in the Notes app, and VoiceOver starts reading the note.
This note is normally not accessible with a locked iPhone.
From here, you can copy notes, including links and attachments, using the VoiceOver wheel.
iOS 15 Lock Screen Bypass
In one scenario, another iPhone calls the target device. The attacker can reject the call and paste the copied text into a custom message response. Text can also be pasted into a message if the second device sends a message to the target iPhone. All this happens without unlocking the iPhone.
However, this bypass does not work against cryptographically protected notes.
In addition, several conditions must be met to exploit this security hole successfully. First, the attacker needs physical access to the victim’s iPhone, which means physically holding the device. The device must have Siri enabled, Control Center enabled on the lock screen, and the Notes and Clock apps available in the Control Center. The victim’s phone number must also be known.
Rodriguez said he made the vulnerability public instead of keeping it private and reporting it through Apple’s Bug Bounty program because he thinks that, aside from the low bounty, it could take Apple months to respond and corroborate the report.
Previously, Apple awarded Rodriguez $25,000 for discovering CVE-2021-1835, another lock screen bypass method that allows access to Notes app content. Apple classified it as a “partial access” flaw, one that results in partial extraction of sensitive data, for which payouts are limited to a maximum of $100,000. If a vulnerability creates widespread access to other secure data, the reward can be up to 250,000 USD.
The method discovered by Rodriguez can be blocked by disabling Siri or by restricting Control Center access from the lock screen in the Face ID & Passcode settings.
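For managed fleets, the same two mitigations can be checked in a configuration profile rather than on each device. The script below is an added example, not from the original article or from Apple: it audits a profile's Restrictions payload for the `allowAssistant`, `allowAssistantWhileLocked` and `allowLockScreenControlCenter` keys. The function names and sample profiles are constructed for illustration, and treating the lock-screen-only Siri restriction as sufficient is an assumption.

```python
import plistlib

RESTRICTIONS = "com.apple.applicationaccess"  # Restrictions payload type
# Siri off entirely, or (assumption: enough here) off while the device is locked.
SIRI_KEYS = ("allowAssistant", "allowAssistantWhileLocked")
CC_KEY = "allowLockScreenControlCenter"  # Control Center on the lock screen


def audit_profile(profile_bytes):
    """Report whether a profile enforces either mitigation named in the article."""
    profile = plistlib.loads(profile_bytes)
    allowed = {key: True for key in SIRI_KEYS + (CC_KEY,)}  # absent key = allowed
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != RESTRICTIONS:
            continue
        for key in allowed:
            if payload.get(key) is False:
                allowed[key] = False
    siri_blocked = not all(allowed[key] for key in SIRI_KEYS)
    cc_blocked = not allowed[CC_KEY]
    return {"siri_blocked": siri_blocked,
            "control_center_blocked": cc_blocked,
            "mitigated": siri_blocked or cc_blocked}


def make_profile(**restrictions):
    """Build a constructed sample profile; identifiers and UUIDs are placeholders."""
    payload = {"PayloadType": RESTRICTIONS, "PayloadVersion": 1,
               "PayloadIdentifier": "example.restrictions",
               "PayloadUUID": "00000000-0000-0000-0000-000000000001",
               **restrictions}
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadVersion": 1,
                           "PayloadIdentifier": "example.profile",
                           "PayloadUUID": "00000000-0000-0000-0000-000000000002",
                           "PayloadContent": [payload]})


WEAK = make_profile(allowAssistantWhileLocked=True)  # nothing restricted
HARDENED = make_profile(allowAssistantWhileLocked=False,
                        allowLockScreenControlCenter=False)

if __name__ == "__main__":
    for name, blob in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_profile(blob))
```

A key that is absent from the payload is treated as allowed, so a profile that never mentions these keys is reported as unmitigated.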
Source : Genk