Beware! New iPhone hack lets attackers view, share your photos
What's the story
Apple has recently released iOS 12.0.1 offering a fix for a number of issues, including those of charging and bypassing passcodes.
However, within just 10 days of the release, another vulnerability has been flagged and this one can easily let an attacker view, share pictures on your iPhone (if he has the physical access of your phone).
Here's what you should know about it.
The hack
The exploit stems from accessibility features
The vulnerability seems to stem from certain accessibility features provided by Apple for visually impaired users.
It can be exploited by calling the targeted device, navigating to iMessage (from the call screen) and activating VoiceOver via Siri.
Next, all an attacker has to do to activate the bug is tap on the Camera icon, invoke Siri (again), and double tap on the screen.
Details
What happens when the bug is exploited?
When the bug is exploited, the screen turns black and the attacker gets hidden UI functions.
They won't see any options but the VoiceOver will read out everything. Meaning, they just have to swipe until it says 'Photo Library'.
Selecting the option will open iMessage with an empty white space instead of a keyboard. This is the photo library.
How?
Now, the attacker can view and share your photos
From the invisible photo library, the attacker can swipe and use VoiceOver (which describes photo characteristics) to pick any shot.
On double tapping, the photo will be inserted into the text box, letting the attacker view and share it to their own or any other number.
Notably, the hack was found by tech enthusiast Jose Rodriguez, who had also flagged the previous iOS bug.
Possible solution
No official fix, but there might be a workaround
As the issue has just been flagged, Apple might take a while to implement a fix.
However, if you still feel someone can get physical access of your device and use this trick, we suggest disabling Siri access via Settings.
To do so, navigate to Settings > Touch ID & Passcode > and uncheck Siri under the 'Allow Access When Locked' head.