This is a bit of a mess.
A bug has been discovered in the newly-released iOS 12.1 operating system in which Group FaceTime calls can allow a hacker to access the details of a contact stored on an iPhone, without needing to unlock the device.
The public release of iOS 12.1 allowed iPhone and iPad users to make Group FaceTime calls, which extends the existing FaceTime functionality to allow up to 32 callers to take part in a video conference. While the change increases the caller limit from two, the mechanism to add contacts also appears to be susceptible to abuse, including when the iPhone itself is locked.
The exploit was discovered by security researcher Jose Rodriguez, who offered the following demonstration of the hack:
In the video demonstration, the iPhone being attacked is called by a different iPhone, and the call answered. Once connected, Rodriguez transitions the call to a FaceTime video call, then in the bottom right menu selects “Add Person.”
In the video, a potential hacker can tap the “plus” icon, bring up the device’s contact list as part of the process to add a new user. Rather than adding, using 3D Touch on each contact can bring up more details, including email addresses, phone numbers, and other information.
The hack seems to work on almost all iPhones running iOS 12.1, but not the iPhone XR.
Rodriguez’s record includes other discoveries such as ways to access contacts and other data from a locked iPhone, with methods revealed in September and October featuring the VoiceOver screen reader feature and, in one case, the Notes app. The latest discovery is a far simpler process and doesn’t require VoiceOver to be active, making it usable on a far wider array of devices.
The hack itself is somewhat limited in scope and requires both physical access to an iPhone as well as a call from another iPhone to initiate FaceTime in the first place. Once executed, the information that can be gathered only relates to contacts, so a user’s private data stored on the iPhone itself is not at risk.
Apple may have a fix in the works for future iOS updates, although it’s unknown what the time frame for this fix might happen to be.
Stay tuned for additional details as they become available.
Via AppleInsider and The Hacker News