The bug can be exploited to access the photos stored on a user’s device, and it’s been found in iOS12
A digital forensics specialist has discovered a vulnerability in Apple iOS’s VoiceOver feature that can be exploited by a malicious actor to gain access to the victim’s photos. The bug, a bypass of the lock screen made through the VoiceOver screen reader, depends on the attacker getting physical access to the selected device.
Revealed by the expert in digital forensics in iOS, José Rodríguez, and later shown in a Youtube video, the attack chain begins when the attacker calls the victim’s phone. This can be made possible by asking Siri voice attendant to read the digit-to-digit phone number if the attacker does not have this information. Once a call has been made, the attacker must select “Reply by SMS” and then select the “Personalize/Custom” option.
Phrases are irrelevant, so any word can be placed in this step, but it is crucial for the attacker to ask Siri to activate VoiceOver at this point of the attack. The camera icon should also be selected, and after this, the attacker must touch the screen twice while calling Siri through the side buttons at the same time.
More than a single attempt may be required to trigger the vulnerability, but when successful, the screen of the attacked device will become black, which could be the result of a confusion or conflict in the operating system.
The attacker can use this bug to access user interface elements, such as the image library, which should otherwise be restricted if the attacker does not know the victim’s access code when any interaction with the device is performed.
Once the photo album has been accessed, it is possible to touch the photos twice to return to the call SMS response box and add the contents of the library to the message. These images can be stolen and sent to any other device controlled by the attacker.
While the actual graphics for each image are hidden by the message box at this point, you can still access them and view them after adding them to the message. Rodriguez’s report confirmed that the vulnerability is present in the newer models of IPhone running the latest version of the mobile operating system, IOS 12.
According to specialists in digital forensics from the International Institute of Cyber Security, last September, the well-known security expert of Apple, Patrick Warder, revealed a zero-day vulnerability in Apple Mojave, the same day of the launch of the update of the operating system that, if exploited, could result in the theft of the users’ contact information.
Disclosure of this vulnerability binds to Warde’s previous findings, such as the well-known macOS error that could lead to a total system compromise.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.