Apple is planning to release iOS 13 next week, but one security researcher has already discovered a lockscreen bypass. The exploit allows you to bypass the lockscreen and gain access to all contact information on an iPhone. Jose Rodriguez discovered the exploit and revealed to The Verge that he reported it to Apple on July 17th, but it’s still working in the Gold Master (GM) version of iOS 13 that will be released on September 19th.
Rodriguez discovered a lockscreen exploit last year for iOS 12.1, and this latest iOS 13 bypass uses a similar technique. It involves activating a FaceTime call and then accessing the voiceover feature from Siri to enable access to the contact list. You can then obtain email addresses, phone numbers, address information, and more from the list of contacts.
The Verge has tested and confirmed that the bypass procedure works on the iOS 13 GM running on an iPhone X. You’re not able to access photos, though. Naturally, this requires physical access to an iPhone, and some time to initiate a FaceTime call and enable voiceover.
Rodriguez says the exploit appears to be fixed in beta copies of iOS 13.1, which Apple is planning to make available on September 30th.
This is the latest in a long line of lockscreen bypass bugs for iOS. A bug in iOS 6.1 back in 2013 allowed attackers to access phone records, contact information and even photos. iOS 7 also included a similar security hole, you could bypass the iOS 8.1 lockscreen, and iOS 12.1 also had issues.